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Think  your  top  IT  talent  is  staying  put? 

Think  again.  Half  your  IT  middle  managers 
may  be  headed  out  the  door  when  the 
economy  improves.  Some  have  already 
checked  out,  mentally.  Here’s  what  you 
can  do  about  it.  Page  47 


HP  Plans  Thin-Client 
System  With  PC  Blades 


Sees  new  technology  as  PC  replacement  that 
could  cut  companies’  desktop  TCO  in  half 


BY  PATRICK  THIBODEAU 

Hewlett-Packard  Co.  last 
week  detailed  a  plan  to  mar¬ 
ket  thin-client  systems  based 
on  PC  blades,  which  it  claims 
have  the  potential  to  replace 
up  to  half  of  the  existing 
desktops  in  midsize  and  larg¬ 
er  companies. 

The  PC  blade 
system,  called  the 
HP  Consolidated 
Client  Infrastruc¬ 
ture,  will  be  avail¬ 


able  in  March.  It  consists  of 
a  thin  client  connected  to  a 
dedicated  rack-mounted 
blade  in  the  data  center.  The 
blade  will  run  Microsoft 
Corp.’s  Windows  XP  and  use 
Transmeta  Corp.’s  Efficeon 
processor. 

HP  claims  its  PC  blades  can 
halve  the  total 
cost  of  ownership 
for  desktops, 
which  it  puts  at 
about  $8,000  per 


PC  over  four  years. 

One  company  eyeing  PC 
blades  to  reduce  desktop 
costs  is  Wells’  Dairy  Inc., 
maker  of  Blue  Bunny  brand 
ice  cream  products  in  La 
Mars,  Iowa. 

The  company  already  has 
some  thin  clients  attached  to 
servers,  but  Kim  Norby,  vice 
president  of  IT,  said  he’s  con¬ 
sidering  PC  blades  to  cut 
desktop  costs.  “We’re  cer¬ 
tainly  very  driven  to  contin¬ 
ue  to  do  more  with  what  we 
have  and  be  able  to  support 
HP  Blades,  page  60 


ONLINE:  Sun  makes  an 
AMD-based  blade  server 
announcement: 
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Feds  Say  IT  Security  Lacking 


Regulation  likely  if 
private  sector  doesn’t 
protect  infrastructure 

BY  DAN  VERTON 

SANTA  CLARA,  CALIF. 

Secretary  of 
Homeland 
Security 
Tom  Ridge 
last  week 
warned  the 
IT  industry 
that  the  na¬ 
tion’s  critical 
infrastruc¬ 
ture  presents 
“an  attrac¬ 
tive  target  for  terrorists”  —  a 
target  that  his  top  cybersecu¬ 
rity  advisers  said  will  be  pro¬ 
tected  by  government  regula¬ 
tion  if  the  private  sector  fails 
to  bolster  security. 

Speaking  to  more  than  300 
IT  executives  at  the  first  Na¬ 
tional  Cyber  Security  Summit 
here.  Ridge  said  terrorist 


; '  h 


Ridge  says  cyber¬ 
security  depends 
on  industry  efforts. 


groups  “know,  as  do  we,  that 
a  few  lines  of  code  could  ulti¬ 
mately  wreak  as  much  havoc 
as  a  handful  of  bombs.” 

Ridge  encouraged  the  IT 
industry  and  the  private  busi¬ 
nesses  that  own  and  operate 
more  than  85%  of  the  nation’s 
critical  infrastructures  to 
lead  the  nation’s  cybersecuri¬ 
ty  efforts.  “The  continued 
success  of  protecting  our  cy- 


Reporter’s  notebook:  A  top  OHS 

official  speaks  with  Computerworld 
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Cybersecurity  task  forces 

deliver  action  plans  to  the  DHS: 
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berspace  depends  on  the  in¬ 
vestment  and  commitment  of 
each  of  you  and  the  business¬ 
es  you  represent,”  he  said. 

Cybersecurity,  page  16 


Offshore  Support  Questioned 

Vendors  must  balance 
user  satisfaction  with 
desire  to  curb  costs 


BY  BOB  BREWIN 

Offshore  technical  support 
services  have  become  a  fact 
of  life  for  many  technology 
vendors  and  their  customers. 
But  both  vendors  and  users 
last  week  said  support  opera¬ 
tions  have  to  balance  their 


desire  to  reduce  labor  costs 
with  customer  satisfaction 
considerations. 

The  issue  came  to  the  fore¬ 
front  late  last  month,  when 
Dell  Inc.  said  it  was  returning 
phone-based  technical  sup¬ 
port  for  its  corporate  PCs  to 
the  U.S.  because  of  com¬ 
plaints  from  some  users 
about  the  quality  of  service 
they  received  from  a  call  cen- 
Support,  page  16 


ji g  a b o ut  the  brochure  as  usual 
fretting  about  the  expense  as  usual. 

Not  color  as  usual. 


Not  business  as  usual. 


ANVWARE" 


The  Canon  Color  imageRUNNER®  C3200  with 
image  WARE™  Publishing  Manager  is  anything 
but  business  as  usual.  Actually,  it's  a  totally  new 
way  of  working  that  lets  you  create  and  print 
professional-quality  color  booklets,  catalogs, 
brochures... you  name  it.  In-house,  right  at  your 
desktop.  With  image  WARE  Publishing  Manager, 
you  can  combine  multiple  documents  created  in 
different  applications  to  form  a  single  document. 


Canons  imageWARE  Publishing  Manager  Software. 
Create  and  print  color  documents  right  from  your  desktop. 


You  can  import  images  or  text  streams,  create 
and  format  chapters,  renumber  pages,  insert 
headers  and  footers.  You  can  apply  editing, 
page  imposition,  print  settings,  and  professional 
finishing.  You  can  share  it  all  with  co-workers. 
You  can  manage  it  all  every  step  of  the  way. 


And  we're  just  scratching  the  surface.  This  means 
no  more  endless  waiting  for  that  all-important 
document.  See?  At  long  last,  you're  in  control. 

And  ultimately,  you're  not  stressing  out.  The 
Canon  Color  imageRUNNER  C3200  with 
imageWARE  Publishing  Manager.  For  fast, 
affordable  in-house  color  with  professional-quality 
finishing.  So  say  goodnight  to  business  as  usual. 


www.imagerunner.com 
1-800-OK- CANON 


Canon  KNOW  HOW 


Canon  and  Canon  Know  How  are  registered  trademarks  of  Canon  Inc.  IMAGERUNNER  is  a  registered  trademark  of  Canon  Inc.  in  the  U  S.  and  Canada.  IMAGEWARE  is 
a  trademark,  and  IMAGEANYWAREis  a  service  mark  of  Canon  U.S.A.,  Inc.  ©2003  Canon  USA.,  Inc.  Product  shown  with  optional  accessories.  imageWARE  Publishing 
Manager  must  be  purchased  separately,  and  has  minimum  O/S,  hardware  and  software  requirements.  Contact  your  local  Canon  imageWARE  dealer  for  details 


Faster  than  Verizon. 
Faster  than  Sprint  PCS. 
Faster  than  Cingular. 
Faster  than  T-Mobile. 
Faster  than  Nextel. 


For  the  fastest  way  to  open  large  e-mail  attachments  on 
a  national  wireless  network,  switch  to  AT&T  Wireless. 

It's  a  fact.  No  one  offers  a  faster  national  wireless  data  network  than  AT&T  Wireless  with  EDGE 
technology.  No  one.  With  average  speeds  of  100-130  Kbps,  bursts  of  up  to  200  Kbps  and  secure 
wireless  access,  you  can  browse  the  Internet  as  well  as  download  presentations,  documents  and 
spreadsheets  nearly  twice  as  fast  as  with  any  other  national  wireless  data  network.  We  work 
with  leading  IT  companies  to  help  you  get  more  out  of  the  technology  you  use  every  day,  across 
the  U.S.  High-speed  national  wireless  data  is  here.  And  no  one  is  faster  at  it  than  AT&T  Wireless. 
Call  1  888-DATA-288  or  go  to  attwireless.com/speed 


Access  the  fastest  national 
wireless  data  network  with 
an  easy-to-use  PC  card. 


Open  e-mail  attachments  at 
average  speeds  of  100-130  Kbps 
and  bursts  of  up  to  200  Kbps. 


Download  large  documents, 
presentations  and  reports 
in  just  seconds. 


Faster  data  speeds  from  more 
places  in  the  U.S.  than  with 
any  other  wireless  carrier. 


reach  out 

on  the  wireless  service  America  trusts'" 


AT&T  Wireless 


©2003  AT&T  Wireless.  All  Rights  Reserved.  Requires  credit  approval,  qualified  minimum  one-year  agreement  and  rate  plan,  and  compatible  EDGE  PC  modem  card.  Actual  download  speeds  depend  on  coverage,  network  availability  and  traffic, 
device,  applications,  tasks,  file  size  and  other  factors.  Comparison  based  on  published  speed  claims  of  national  mobile  wireless  data  networks.  Not  available  for  purchase  or  use  in  all  areas.  Coverage  is  subject  to  transmission  limitations  and  terrain, 
system,  capacity  and  other  limitations.  Secure  wireless  access  refers  to  the  authentication  and  encryption  features  available  on  the  AT&T  Wireless  network  Additional  restrictions  apply.  Service  is  subject  to  Terms  and  Conditions/Service  Agreement 
and  rate  plan  materials.  All  marks  used  herein  are  marks  of  their  respective  owners. 


Moving  Data  to  the  Mountain 

In  the  Technology  section:  Once  a  limestone  mine, 
Iron  Mountain’s  underground  facility  was  designed 
to  protect  corporate  data  from  a  nuclear  blast.  Today, 
its  electronic  data  center  helps  clients  comply  with  a 
spate  of  new  regulations.  Page  34 


Windows  Server  2003: 

Raising  Shieids 

Also  in  the  Technology  section:  Six  months  after  its 
release,  Windows  Server  2003’s  early  adopters 
give  a  thumbs  up  to  new  security  features,  but  the 
overall  security  report  card  is  mixed.  Page  29 
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6  Security  group  releases  draft 
guidelines  for  defining  the 
chief  security  officer  role. 

7  IBM  hopes  EMC’s  customers 

will  switch  to  its  storage  prod¬ 
ucts  with  the  help  of  its  Piper 
data  migration  technology. 

7  NetApp  forges  alliances  as 

part  of  a  plan  to  offer  software 
with  its  storage  devices. 

8  CA  adds  a  Web  services  man¬ 
agement  tool  to  its  Unicenter 
product  line. 

10  The  Pentagon  is  working  with 
the  private  sector  to  develop 
common  RFID  standards. 

10  BPM  tools  offer  many  bene¬ 
fits,  but  rollouts  can  be  chal¬ 
lenging,  users  say. 

12  Las  Vegas  public  schools  are 

rolling  out  a  $31  million  back¬ 
bone  network  and  digital/IP 
phone  system. 

12  Start-up  offers  software  for 

designing  data  center  racks. 

14  PeopleSoft  is  changing  the 

pricing  plan  for  J.D.  Edwards 
products. 

14  Patch  management  options 

proliferate  in  Blaster’s  wake. 

19  IT  hiring  plans  for  2004  vary 
from  company  to  company. 

22  BEA  and  IBM  team  up  to 

work  on  new  Java  specs. 

60  Microsoft  loosens  up  its  poli¬ 
cy  for  licensing  its  intellectual 
property. 


36  Future  Watch:  The  New  Inter¬ 
net.  Scientists  are  working 
on  the  next  generation  of  the 
Internet,  which  will  be  self- 
aware  and  able  to  automati¬ 
cally  determine  the  best  way 
to  deliver  data  and  services  — 
not  to  mention  faster,  more 
reliable  and  more  secure. 

40  Security  Manager’s  Journal: 
Single  Sign-on  Effort  Falls 
Short.  Mathias  Thurman’s 
company  merges  its  directo¬ 
ries  and  moves  toward  single 
sign-on  authentication,  but 
implementing  the  system  has 
some  unexpected  and  un¬ 
desired  effects. 
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47  Already  Gone.  Recent  surveys 
indicate  that  when  the  econo¬ 
my  improves,  many  IT  middle 
managers  may  bolt  out  the 
door.  Here’s  why  —  and  what 
you  can  do  about  it. 

50  The  Pros  &  Cons  of  CMM. 

Offshore  outsourcers  tout 
their  high  Capability  Maturity 
Model  ratings,  yet  many  U.S. 
companies  can’t  take  advan¬ 
tage  of  such  quality  and  can 
end  up  paying  for  more  than 
they  need. 

52  Preventing  P2P  Abuse. 

University  IT  managers  have 
become  experts  in  combating 
the  computer  security  and 
network-overload  problems 
caused  by  peer-to-peer  file 
swapping.  Corporate  IT  man¬ 
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44  Tommy  Peterson  suggests 
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54  Bart  Perkins  says  upstarts  are 
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62  Frankly  Speaking:  Frank 
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tems,  saying  it’s  a  lot  of  talk 
and  little  substance. 
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The  Pathway  to  a 
Service-Oriented  Architecture 

DEVELOPMENT:  Four  steps  to  realizing 
business  benefits  from  Web  services. 

O  QuickLink  43264 

The  Benefits  and  Risks  of  Mobility 

MOBILE/WIRELESS:  A  checklist  for  meeting 
the  security  challenges  posed  by  handhelds 
and  other  mobile  devices.  ©  QuickLink  42963 


Keeping  Vendors  on  Their  Toes 

STORAGE:  Maintaining  multiple  suppliers  is  a 
good  way  to  keep  vendors  on  their  toes  and 
prices  competitive,  but  what  are  the  techni¬ 
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dent  of  Building  Storage.  ©  QuickLink  43238 

Driving  Successful  CRM  Adoption 

SOFTWARE:  Without  user  buy-in,  even  the 
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Microsoft  Upgrades 
CRM  Applications 

Microsoft  Corp.  today  plans  to  an¬ 
nounce  an  upgrade  of  its  CRM 
software  that’s  designed  to  pro¬ 
vide  tighter  security  and  simpli¬ 
fied  installation.  Version  1.2  of  Mi¬ 
crosoft  CRM  also  supports  more 
languages  and  will  be  offered  out¬ 
side  of  North  America  for  the  first 
time,  company  officials  said.  The 
software  is  available  in  North 
America  now  and  will  be  released 
elsewhere  next  month. 


Intel  Sees  Strong 
Revenue  in  Q4 

Intel  Corp.  said  it  expects  fourth- 
quarter  revenue  to  come  in  at  the 
high  end  of  the  range  it  projected 
earlier  in  the  quarter.  Citing 
strong  microprocessor  sales,  Intel 
said  business  should  total  be¬ 
tween  $8.5  billion  and  $8.7  bil¬ 
lion.  However,  the  company 
added  that  it  will  take  a  $600  mil¬ 
lion  charge  to  account  for  a  re¬ 
duction  in  the  long-term  growth 
forecast  for  its  wireless  network¬ 
ing  business  unit. 


Software  AG  Trims 
Development  Focus 

Darmstadt,  Germany-based  Soft¬ 
ware  AG  said  it’s  narrowing  the 
focus  of  its  software  development 
operations  to  two  product  lines  in 
a  cost-cutting  move.  The  compa¬ 
ny  will  concentrate  on  XML-based 
integration  tools  and  its  main¬ 
frame  software,  which  may  be  ex¬ 
panded  through  acquisitions.  In 
addition,  technical  support  for  the 
XML  tools  is  being  shifted  from 
Germany  to  India. 


Short  Takes 

YAHOO  INC.  upgraded  its  instant 
messaging  software  to  plug  a 
buffer  overrun  security  vulnerabil¬ 
ity  that  attackers  could  use  to  run 
malicious  code  on  unprotected 

systems _ DELL  INC.  is  offering 

a  Linux  distribution  developed  by 
Beijing-based  Red  Flag  Software 
Co.  on  most  models  of  the  Power- 
Edge  servers  it  sells  in  China. 


Guidelines  Released 
To  Craft  CSO  Position 

Job  requires  understanding  of  a  wide 
range  of  IT  and  other  risks,  group  says. 


BY  JAIKUMAR  VIJAYAN 

KNOWLEDGE  of  in¬ 
formation  security 
risk  management  is 
just  one  of  the  many 
skills  that  a  chief  security  offi¬ 
cer  needs  for  crafting,  influ¬ 
encing  and  directing  an  effec¬ 
tive  organizationwide  protec¬ 
tion  strategy. 

Increasingly,  the  job  also 
calls  for  an  understanding  of 
issues  as  diverse  as  emergency 
preparedness,  crisis  manage¬ 
ment  and  response,  physical 
security,  disaster  recoverabili¬ 
ty,  and  privacy  and  regulatory 
matters.  That’s  the  assessment 
of  Alexandria,  Va.-based  ASIS 
International,  a  33,000-mem¬ 
ber  group  of  security  profes¬ 
sionals  that  last  week  released 
draft  guidelines  that  compa¬ 
nies  can  use  when  developing 
CSO  positions. 

“There’s  been  a  lot  of  dis¬ 
cussion  on  the  need  for  organi¬ 
zations  to  create  a  centralized 
governance  function  for  many 
areas  of  risk,”  said  Jerry  Bren¬ 
nan,  president  of  Vienna,  Va.- 
based  Security  Management 
Resources  Inc.  and  one  of  the 
drafters  of  the  document. 

Defining  the  Job 

The  guidelines  are  the  result 
of  an  attempt  to  give  a  formal 
definition  of  the  scope,  re¬ 
sponsibilities,  reporting  rela¬ 
tionships  and  experience 
needed  to  do  the  job,  he  said. 

“There  wasn’t  much  avail¬ 
able  that  addressed  the  pulling 
together,  from  a  governance 
perspective,  of  all  of  the  areas 
of  security  risk  that  an  organi¬ 
zation  faces,”  Brennan  said. 

“So  we  decided  to  try  and 
craft  a  document  that  would 
be  broad-based  and  truly  rep¬ 
resent  what  the  CSO  position 
would  be  in  an  organization.” 

The  ASIS  guidelines  come 
at  a  time  when  a  growing 


number  of  security  profes¬ 
sionals  say  there  needs  to  be  a 
top-level  management  posi¬ 
tion  to  oversee  all  aspects  of 
operational  risk. 

“I  have  always  found  it  pre¬ 
posterous  to  suggest  that  there 
are  separate  disciplines  that 
require  separate  management” 
when  it  comes  to  operational 
security,  said  Dennis  Treece, 
director  of  corporate  security 
at  the  Massachusetts  Port  Au¬ 
thority  in  Boston. 

For  example,  installing  a  pri¬ 
vacy  officer  who  is  separate 
from  the  rest  of  the  security 
team  only  “fragments  the  ef¬ 
fort  and  ensures  that  the  phys¬ 
ical  and  virtual  aspects  of  pri¬ 
vacy  have  to  be  laboriously 
coordinated,”  Treece  said.  The 
same  is  true  when  it  comes  to 
having  separate  chief  informa¬ 
tion  security  officer  and  CSO 
functions.  “Having  been  both 
separately  and  now  both  at  the 
same  time,  I  can  state  with 
confidence  that  combining 
them  makes  the  most  sense,” 
he  added. 

Even  so,  security  profes¬ 
sionals  agree  that  only  a  rela¬ 
tively  small  number  of  compa¬ 


nies  have  created  a  formal 
CSO  function  because  of  the 
substantial  political  and  orga¬ 
nizational  challenges  that 
need  to  be  overcome  in  creat¬ 
ing  the  role.  Issues  such  as 
scope,  reporting  relationships 
and  ownership  of  risk  man¬ 
agement  functions  can  all  be 
sticking  points. 

Broadening  the  Scope 

The  popular  notion  of  the 
CSO  being  in  charge  solely  of 
IT  and  physical  security  func¬ 
tions  has  also  somewhat  limit¬ 
ed  the  effectiveness  of  the 
role,  said  David  W.  Stacy,  glob¬ 
al  IT  security  director  at  St. 
Jude  Medical  Inc.,  a  $1.6  bil¬ 
lion  manufacturer  of  medical 
equipment  in  St.  Paul,  Minn. 

“I  prefer  the  concept  of  the 
chief  risk  officer  that  encom¬ 
passes  these  two  areas”  while 
also  including  other  functions 
such  as  privacy,  risk  insurance 
and  regulatory  compliance, 
Stacy  said. 

“So,  moving  to  a  CSO  model 
that  only  deals  with  IT  securi¬ 
ty  and  physical  security  may 
be  a  logical  first  step  to  even¬ 
tually  getting  to  a  CRO  mod¬ 
el,”  he  added.  “But  even  hav¬ 
ing  a  CSO  would  be  a  revolu¬ 
tion,  as  opposed  to  an  evolu¬ 
tion,  in  many  organizations.” 


Model  Profile  of 
CSO  Function 

Global  security  policy  and 
procedures  administration 

Technology  and  infrastructure 
protection 

Information  risk  management 

Business  continuity;  crisis 
management  and  response 

Employee  risk  awareness 

Investigative  and  forensic 
services 

Safe  and  secure  workplace 
operations 

Executive  protection 


SOURCE:  ASIS  INTERNATIONAL.  ALEXANDRIA.  VA. 

But  some  security  profes¬ 
sionals  have  trouble  with 
the  concept  of  having  an  all- 
encompassing  role. 

For  one  thing,  “there  is  a 
huge  difference  between  the 
practice  of  physical  security 
management  and  information 
security  management,”  said 
Eddie  Schwartz,  chief  technol¬ 
ogy  officer  at  Securevision 
LLC,  a  Fairfax,  Va.-based  con¬ 
sultancy.  “While  both  disci¬ 
plines  have  the  use  of  technol¬ 
ogy  as  a  common  element,  the 
background  and  education  of 
the  practitioners  are  distinct.” 

There’s  also  the  danger  of 
rolling  far  too  many  functions 
under  the  CSO  umbrella, 
Schwartz  said.  “It’s  an  unnat¬ 
ural  organization  of  activities 
and  doomed  to  failure  in  most 
organizations,”  he  said. 

O  43322 


Relationship  Management  Key  Skill  for  CSO  Role 


Relationship  management  skills 
are  a  top  requirement  for  a  suc¬ 
cessful  chief  security  officer,  ac¬ 
cording  to  ASIS  International’s 
recently  released  draft  guide¬ 
lines  for  the  function. 

Because  of  the  wide  scope  of 
the  job,  CSOs  must  be  able  to 
“influence  and  nurture"  relation¬ 
ships  with  business-unit  leaders, 
government  officials  and  profes¬ 
sional  organizations,  according 
to  the  ASIS  guidelines. 

“Having  good  political,  collab¬ 
orative  and  marketing  skills  [is] 
critical  for  a  CSO  or  chief  risk  of¬ 


ficer,”  said  David  Stacy,  a  securi¬ 
ty  director  at  St.  Jude  Medical. 

Also  crucial  is  subject-matter 
expertise.  CSOs  must  either 
have  the  knowledge  themselves 
or  must  ensure  that  adequate 
technical  expertise  is  available  to 
cost-effectively  deliver  security 
services,  he  said. 

“Anyone  with  solid  experience 
in  one  or  more  of  the  risk  areas 
could  do  the  job,  as  long  as  [he 
is]  surrounded  with  experienced 
subject-matter  experts  and  actu¬ 
ally  listens  to  them,”  Stacy  said. 

“The  CSO  has  to  be  able  to 


carry  the  water  in  the  senior  ex¬ 
ecutive  environment,”  said  Den¬ 
nis  Treece,  director  of  corporate 
security  at  the  Massachusetts 
Port  Authority.  “This  means 
communicating  effectively  with 
the  CEO  and  the  board.  The  CSO 
must  know  how  to  create  and 
defend  a  budget  in  a  constrained 
fiscal  environment.  He  needs  to 
have  a  rbsumb  that  garners  re¬ 
spect  and  must  keep  that  re¬ 
spect  by  being  a  team  player,  not 
someone  who  is  always  crying 
that  the  sky  is  falling.” 

-JaikumarVijayan 
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IBM  Lures  EMC  Users  With 
New  Data-Migration  Offering 

Piper  technology  allows  for  transfers 
of  data  while  systems  remain  online 


BY  LUCAS  MEARIAN 

IBM  last  week  announced  a 
data  migration  technology  and 
services  designed  to  lure  EMC 
Corp.  storage  users  to  switch 
to  IBM  disk  arrays,  with  the 
promise  that  corporate  infor¬ 
mation  can  be  transferred  in  a 
nondisruptive  way. 

IBM’s  migration  program 
involves  100  consultants  in  its 
professional  services  business 
unit  who  have  been  trained  to 
use  a  new  device  called  Piper. 
The  appliance,  developed  over 
the  past  year,  uses  built-in 
data  migration  engines  to 
move  information  from  rival 
disk  arrays  to  IBM’s  products, 
including  its  Enterprise  Stor¬ 
age  Server  (known  as  Shark) 
and  FAStT  product  lines. 

Piper  splits  the  data  stream 
from  an  array  so  information 
can  flow  to  IBM’s  replacement 


storage  device  in  addition  to 
the  existing  host  server.  That 
allows  data  to  be  transferred 
while  the  system  stays  online, 
although  the  migration  speed 
is  slower  than  if  the  work  was 
done  off-line,  said  Lou  Sciac- 
chetano,  worldwide  vice  presi¬ 
dent  of  competitive  storage 
sales  at  IBM. 

Sciacchetano  said  Piper  can 
pull  data  from  storage  devices 
made  by  EMC  and  nine  other 
vendors.  But  IBM  is  targeting 
EMC  with  the  migration  ser¬ 
vice.  “There’s  lots  of  old,  pro¬ 
prietary  EMC  boxes  out  there 
—  30,000  by  my  last  count,” 
he  said. 

IBM  has  been  using  Piper  as 
part  of  a  beta-testing  program 
and  said  the  migration  offer¬ 
ing  has  already  helped  it  win 
over  former  EMC  users  like 
Royal  Caribbean  Cruises  Ltd., 


Minnesota’s  Hennepin  Coun¬ 
ty,  Insurance  Services  Office 
Inc.  and  the  U.S.  Department 
of  Agriculture. 

Bob  Cosby,  storage  adminis¬ 
trator  at  the  Department  of 
Agriculture’s  National  Finance 
Center,  said  he  completed  the 
second  phase  of  an  ongoing 
migration  from  two  older- 
model  EMC  Symmetrix  arrays 
to  an  IBM  Shark  over  the 
weekend  after  Thanksgiving. 
Cosby  wanted  to  upgrade  to 
newer  storage  technology  to 
gain  features  such  as  snapshot 
copying,  which  allows  instan¬ 
taneous  backups  of  data. 

Cosby  said  that,  with  IBM’s 
help,  he  transferred  about 
2.5TB  of  data  between  the  ar¬ 
rays  in  48  hours.  “The  thing  I 
love  about  it  is  you’re  not 
spinning  your  own  CPU  cy¬ 
cles,”  he  said,  noting  that  the 
migration  process  was  trans¬ 
parent  to  his  applications. 

According  to  Cosby,  EMC 
and  Hitachi  Data  Systems 


Corp.  bid  against  IBM  for  the 
finance  center’s  new  data  stor¬ 
age  contract.  Although  the  ri¬ 
val  arrays  were  comparable  in 
cost,  IBM  undercut  the  com¬ 
petition  on  storage  manage¬ 
ment  software,  he  added. 

EMC  doesn’t  use  an  appli¬ 
ance  similar  to  Piper  to  move 
data  to  its  arrays.  But  Chuck 
Hollis,  EMC’s  vice  president 
of  platform  marketing,  said  the 
Hopkinton,  Mass.-based  com¬ 
pany  has  offered  its  own  non¬ 
disruptive  migration  technolo¬ 
gy  since  1995.  “We  use  a  com¬ 
bination  of  host  software  and 
storage-based  replication,  cou¬ 
pled  with  a  rigorous  planning 


methodology',  to  execute  data 
migrations  with  a  minimum  of 
time,  effort  and  risk,”  Hollis 
said.  He  added  that  during  the 
past  two  years,  EMC  has  mi¬ 
grated  more  than  1,000TB  of 
IBM-stored  data  for  100-plus 
customers. 

Nonetheless,  Piper  gives 
IBM  a  leg  up  on  other  storage 
vendors,  said  Anne  MacFar- 
land,  an  analyst  at  The  Clipper 
Group  Inc.  in  Wellesley,  Mass. 
“These  days,  when  you  don’t 
have  that  weekend  window  all 
the  time  to  perform  data  mi¬ 
grations,  you’re  going  to  have 
to  do  it  while  things  are  up  and 
running,”  she  said.  ©  43287 


IBM’S  PIPER  APPLIANCE 


■  Has  two  configurations, 
one  for  migrating  mainframe 
data  and  another  (pictured) 
for  transferring  data  from 
Unix,  Windows  and  NetWare 
systems. 

■  Can  move  data  to  IBM’s 
Shark  and  FAStT  disk  arrays, 
plus  its  externally  attached 
7133  Serial  Disk  System. 

■  Is  designed  to  work  with 
storage  devices  made  by 
EMC  and  nine  other  vendors. 


NetApp  Signs  Partnering  Deals  to  Broaden  Data  Tools 


Adds  hardware, 
looks  for  help  on 
life-cycle  software 

BY  LUCAS  MEARIAN 

Network  Appliance  Inc.  last 
week  announced  partnerships 
with  Cisco  Systems  Inc.,  Veri¬ 
tas  Software  Corp.  and  FileNet 
Corp.  as  part  of  a  plan  to  offer 
integrated  storage  systems  for 
information  life-cycle  manage¬ 
ment,  regulatory  compliance 
and  disk-based  data  backup. 

In  addition,  NetApp  intro¬ 
duced  several  products,  in¬ 
cluding  two  new  file  servers 
and  an  upgraded  version  of  its 
NearStore  disk  array  for  sec¬ 
ondary  storage. 

The  Sunnyvale,  Calif.-based 
company  also  upgraded  an  ap¬ 
pliance  that  provides  network- 
attached  storage  (NAS)  file¬ 
serving  capabilities  to  storage- 


area  networks  (SAN),  using 
disk  arrays  from  other  ven¬ 
dors  for  back-end  storage 
(see  box). 

Regarding  its  partnerships, 
NetApp  said  it’s  qualifying  its 
storage  devices  for  use  with 
Cisco’s  MDS  9000  family  of 
multiprotocol  SAN  directors 
and  switches.  NetApp  also 
plans  to  resell  the  switches 
and  directors,  starting  with 
Cisco’s  MDS  9100  series  fabric 
switches.  Those  devices  will 
be  available  within  45  days, 
the  company  said. 

To  boost  its  bid  to  piece  to¬ 
gether  a  more  complete  set  of 
tools  for  automatically  con¬ 
trolling  data  throughout  its 
entire  life  cycle,  NetApp  also 
will  resell  FileNet’s  content 
management  software  and 
Veritas’  storage  and  data  man¬ 
agement  products. 

Carolyn  DiCenzo,  an  analyst 


at  Gartner  Inc.,  said  NetApp  in 
June  made  a  storage  manage¬ 
ment  application  program¬ 
ming  interface  available  for 
use  by  other  vendors  and  is 


PRODUCT  DETAILS 


Supports  both  file-  and 
block-level  data  and  scales  to 
32TB  of  capacity,  or  64TB  in  a 
clustered  configuration. 

Enhanced  version  of 
file-server  engine  for  integrating 
NAS  and  SAN  capabilities,  with 
new  support  for  IBM's  Shark  disk 
arrays. 

R20G:  Upgraded 
secondary-storage  disk  array  that 
scales  to  96TB  and  works  with 
enhanced  data  management 
software. 


now  trying  to  use  the  API  to 
expand  its  sales. 

The  deal  with  FileNet  lets 
NetApp  offer  FileNet’s  Image 
Manager,  Content  Manager 
and  Records  Manager  applica¬ 
tions.  Meanwhile,  NetApp  will 
integrate  Veritas’  Data  Life- 
cycle  Manager  and  NetBackup 
software  with  its  products. 

According  to  NetApp  offi¬ 
cials,  the  addition  of  Data  Life- 
cycle  Manager  will  enable 
storage  managers  to  do  policy- 
based  migration  and  archiving 
of  data  between  NetApp’s  de¬ 
vices  and  a  mix  of  servers. 
NetBackup  will  let  users  send 
backup  copies  of  data  on  Mi¬ 
crosoft  Exchange  servers  and 
file  systems  running  on  Win¬ 
dows,  Unix  and  Linux  hosts  to 
NearStore  arrays,  said  Rich 
Boberg,  NetApp’s  senior  direc¬ 
tor  of  technology  partnering. 

“Sixty  percent  of  our  cus¬ 


tomer  base  uses  Veritas  for 
tape-based  backup,”  Boberg 
said.  “Having  this  as  a  seam¬ 
less  transition  for  them  to  go 
from  tape  to  disk  backup  is  a 
huge  advantage  for  them.” 

Randy  Kerns,  an  analyst  at 
Evaluator  Group  Inc.  in  Green¬ 
wood  Village,  Colo.,  said  the 
information  life-cycle  manage¬ 
ment  plans  pit  NetApp  against 
storage  rival  EMC  Corp.  in  a 
new  way.  EMC  has  become  a 
competitor  to  both  Mountain 
View,  Calif.-based  Veritas  and 
Costa  Mesa,  Calif.-based 
FileNet  through  recent  deals 
to  acquire  software  vendors 
Legato  Systems  Inc.  and  Docu- 
mentum  Inc. 

The  alliances  make  sense 
from  that  standpoint,  Kerns 
said.  But  he  added  that  Net¬ 
App  is  “not  planning  on  be¬ 
coming  a  storage  management 
software  company.  They’re 
providing  capabilities  for  the 
companies  already  in  that 
space.”  ©  43323 
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IBM  Shifts  Focus 
On  Software  Sales 

IBM  said  it’s  reorganizing  and 
retraining  the  sales  force  in  its 
$13.1  billion  software  group  to 
increase  the  unit’s  focus  on  in¬ 
dustry-specific  sets  of  products. 
More  than  half  of  IBM’s  13,000 
software  sales  workers  wiil  be 
assigned  to  vertical  industries 
over  the  next  12  months.  IBM 
will  also  shift  its  marketing  and 
development  to  emphasize  appli¬ 
cation  packages  involving  its  five 
major  software  product  lines. 


Sun  Ends  Talks 
Over  Java  Deal . . . 

Sun  Microsystems  Inc.  said  it 
has  ended  negotiations  over  a 
deal  to  merge  its  NetBeans  Java 
development  framework  with 
the  open-source  Eclipse  technol¬ 
ogy  backed  by  IBM.  Sun  said  it 
withdrew  from  the  talks  because 
the  company  wasn’t  offered 
“an  equitable  share  in  mutual 
development.”  IBM  declined  to 
comment. 


. . .  And  Rolls  Out 
Blades,  Software 

In  other  Sun  news,  the  company 
announced  a  series  of  products 
at  its  European  SunNetwork  con¬ 
ference,  including  a  blade  server 
offering  that  supports  devices 
based  on  both  its  UltraSparc 
processors  and  Intel  Corp.’s  x86 
chips.  Sun  also  released  server 
and  desktop  software  bundles 
with  per-employee  pricing  it 
detailed  in  September  [QuickLink 
41523], 


Linux  Kernel  Raw 
Blamed  for  Attack 

The  developers  of  the  open- 
source  Oebian  Linux  software 
said  a  recent  intrusion  into  four 
of  its  servers  was  enabled  by  a 
flaw  in  the  Linux  2.4  kernel.  The 
vulnerability  affects  versions  of 
the  kernel  prior  to  Linux  2.4.23. 
Patches  were  posted  by  Red  Hat 
Inc.  and  other  Linux  developers. 
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MARK  HALL  ■  ON  THE  MARK 

SonicWaU  Boomed  at 
The  Comdex  Show . . . 

. . .  says  marketing  VP  Douglas  Brockett,  who  acknowledged  that  his 
experiences  might  be  contrary  to  those  of  other  companies  reported 
in  this  paper  and  elsewhere.  Even  given  his  satisfaction,  he’s  not  sure 
whether  the  venerable  trade  show,  or  any  general  technology  trade 
show  for  that  matter,  will  make  it  into  his  marketing  budget  in  2004 
and  beyond.  “IT  experts  will  get  their  less-technical  information  on  the  Web,’ 
Brockett  argues.  But  you  won’t  just  travel  in  the  virtual  world;  he 


thinks  you’ll  be  heading  to  smaller,  tar¬ 
geted  conferences,  “where  like-minded 
people  will  discuss  matters  of  common 
interest  in  detail.”  Brockett  claims  the 
small  but  steady  stream  of  Comdexers 
who  visited  Sonic  Wall  Inc.’s  booth  were 
attracted  by  the  low-cost  TZW  line  of  se¬ 
cure  wireless  network  units  that  fits  well 
into  remote-office  operations  and  will  be 
upgraded  to  802.11g  next  year.  The  fact 
that  the  Sunnyvale,  Calif.-based  company 
resells  its  Pro  3060  and  Pro  4060  virtual 
private  network  con¬ 
centrators  to  Cisco  Sys¬ 
tems  Inc.  probably  gave 
corporate  IT  booth  visitors 
warm  fuzzies  as  well. 

They  also  undoubtedly 
liked  hearing  about  the 
2004  firmware  upgrades 
to  the  Pro  line  that  will 
let  them  handle  a  mix  of 
Secure  Sockets  Layer 
(SSL)  and  IPsec  traffic, 
cutting  down  on  the 
number  of  systems  to 
manage  while  giving 
users  the  levels  of  se¬ 


cure  access  they  need  for  the  applica¬ 
tions  they  want  to  use.  ■  If  you  really  want 
secure  communications,  go  fax.  “Faxes  are 
traceable,  hackproof  and  virusproof,” 
claims  Mark  Malone,  senior  product 
manager  for  Captaris  Inc.’s  RightFax  fam¬ 
ily.  The  company’s  products  link  into  ap¬ 
plication  workflows,  from  supply  chains 
to  law-office  operations.  In  the  RightFax 
world,  pages  are  sent  electronically  to  PC 
desktops  or  fax  printers,  Malone  says,  so 
there’s  more  flexibility  and  control  about  who 
sees  what  and  when.  He 
boasts  that  RightFax 
has  a  good  chunk  of 
market  share  already, 
yet  the  client/server 
product  will  be  over¬ 
hauled  by  the  third 
quarter  of  next  year. 
The  software  is  being 
redesigned  using  .Net 
and  will  swap  out  its  pro¬ 
prietary  Raima  database 
for  either  Microsoft  SQL 
Server  or  MySQL.  But 
users  won’t  have  to 
wait  that  long  to  see 


other  changes.  In  February,  Release  8.7 
will  have  improved  support  for  Notes  and 
Exchange,  and  a  couple  of  months  later, 
Version  9.0  will  include  antispam  features. 
If  you’re  in  the  health  care  market,  you 
have  to  wait  only  until  next  month  to  get 
HIPAA  privacy  features.  That  means  lab 
techs  can  see  only  the  patient  data  that’s 
relevant  to  them  and  administrators  can 
access  even  less.  ■  Less  is  more  for  the 
developers  at  Scapa  Technologies  Ltd.  in 
Edinburgh.  Scapa  is  a  major  contributor 
to  Hyades,  the  monitoring  and  testing 
project  for  the  open-source  Eclipse 
framework.  CEO  Michael  Norman  says 
that  by  leveraging  Hyades  inside  Eclipse, 
his  team  will  have  to  crank  out  only  20%  of 
the  code  needed  to  deliver  plug-in  tools 
for  software  writers.  Granted,  the  80% 
delivered  by  the  open-source  community 
is  the  relatively  easy  infrastructure  part. 
Still,  it  means  Scapa’s  plug-ins  will  get  to 
market  faster,  like  the  Jan.  1  release  of 
Scapa  StressTest-Express.  Designed  for 
e-commerce  applications,  the  testing  tool 
can  simulate  an  unlimited  number  of 
users  running  an  application  through  its 
paces,  banging  on  everything  from  SSL  to 
database  access.  Norman  expects  Scapa 
to  eventually  deliver  testing  tools  for 
Web-based  applications  using  SAP  and, 
he  hopes,  Oracle.  ■  Eclipse  is  being 
spearheaded  by  IBM,  which  sees  the  de¬ 
velopment  framework  as  an  alternative  to 
Microsoft  Corp.’s  .Net.  But  Eclipse’s  ris¬ 
ing  popularity  means  IBM  will  need  to  re¬ 
linquish  control  of  the  project.  Already  at 
60  IT  vendor  members  and  growing 
monthly,  “it  needs  to  break  away  from  the 
mother  ship,”  Norman  says.  He  predicts 
the  next  executive  director  of  Eclipse  won’t  be 
from  IBM.  Once  that  happens,  expect  to 
see  the  likes  of  Oracle  Corp.  and  Sun  Mi¬ 
crosystems  Inc.  jump  on  board.  Microsoft, 
too?  Not  in  your  wildest  dreams.  O  43310 


ARath  to  Better  Apps 


Candle  Corp.  in  El  Segundo,  Calif., 
tomorrow  will  release  six  packages 
for  J2EE  or  WebSphere-based  ap¬ 
plication  integration  projects.  As 
part  of  the  PathWAI  line  of  services 
and  tools,  Candle  will  offer  four 
new  consulting  services  for  devel¬ 
opers  -  two  for  J2EE  and  two  for 
application  integration  work.  Not  to 
mention  a  Workbench  tool  set  de¬ 
signed  to  improve  application  seal- 
ability  and  performance. 


CA  Offers  New  Option  for 
Web  Services  Management 


BY  CAROL  SLIWA 

Companies  that  have  reached 
the  stage  where  they  need  to 
manage  Web  services  have 
typically  had  to  turn  to  small, 
specialty  vendors  for  assis¬ 
tance.  But  they  will  get  a  new 
option  today  when  Computer 
Associates  International  Inc. 
releases  the  latest  addition  to 
its  Unicenter  product  line. 

Unicenter  Web  Services 
Distributed  Management 
(WSDM)  can  be  embedded 
into  both  Java-  and  .Net-based 


application  servers  to  natively 
observe  XML  traffic  in  real 
time,  according  to  Marc  Camm, 
a  director  of  business  develop¬ 
ment  at  CA.  He  said  the  ap¬ 
proach  will  give  users  a  better¬ 
performing  option  than  the 
agent-  and  proxy-based  prod¬ 
ucts  in  the  market  provide. 

“Each  application  server  has 
its  own  SOAP  stack,  and  we 
live  at  that  level,”  Camm  said. 
He  said  the  Unicenter  WSDM 
leverages  a  company’s  existing 
infrastructure  and  needs  to  be 


installed  at  only  one  of  the 
endpoints  of  the  Web  services 
application.  “There’s  no  need 
for  a  new  logical  or  physical 
tier,”  he  said. 

Nick  Gall,  an  analyst  at  Meta 
Group  Inc.,  said  he  has  seen 
little  user  demand  for  Web 
services  management  products 
to  date.  He  estimated  that  he 
has  spoken  with  no  more  than 
20  clients  that  have  enough 
Web  services  in  production  to 
warrant  management  tools. 

But  Gall  said  the  CA  an¬ 
nouncement  is  noteworthy  be¬ 
cause  a  major  vendor  is  finally 
shipping  a  product  in  the  Web 
services  management  market, 
even  though  it’s  just  a  1.0  re¬ 


lease.  He  added  that  the  prod¬ 
uct  will  eventually  comply 
with  standards  being  devel¬ 
oped  through  the  Organiza¬ 
tion  for  the  Advancement  of 
Structured  Information  Stan¬ 
dards  in  Billerica,  Mass. 

CA  said  its  latest  Unicenter 
offering  is  part  of  a  collection 
of  products  that  will  enable 
end-to-end  management  of  a 
Web  services  environment. 

Pricing  for  Unicenter 
WSDM  starts  at  $25,000  per 
server.  The  product  can  be 
embedded  into  application 
servers  from  BEA  Systems 
Inc.,  IBM,  Microsoft  Corp., 
The  JBoss  Group  LLC  and  Sun 
Microsystems  Inc.  O  43335 
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POWER  RACK 


Open,  adaptable  and  integrated 
architecture  for  on-demand 
network-critical  physical  infrastructure 


Experts  and  Editors  agree... 

"...availability  and  monitoring  features 
equal  its  battery  room-sized 
competition  at  half  the  cost... " 

Tom  Henderson,  Global  Test  Alliance 

Network  World  8/19/02 
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we  were  ame 


cut  overall 
equipment  and 


management  costs. 


Eric  Ubels,  CIO,  and  Guus  Van  Velzen,  Principal  Architect 

Deloitte 

— : - . _  .  ...  ■  ammo  a  WV  _  .  , 

"...solid  performance  and  price  lead  us 
to  give  InfraStruXure’ "  a  score 
of  10  for  value  -  a  score  neither  one 
of  us  have  ever  awarded  before. " 


n^n 


Oliver  Rist,  Senior  Contributing  Editor 
Brian  Chee,  Industry  Expert 

InfoWorld  9/01/03 


Find  Out 
the  Secrets 
of  Real-time 
Infrastructure! 

View  the  Deloitte  case 
study  video. 

Download  white  papers 
of  your  choice  on  optima! 
real-time  infrastructure. 


The  industry's  only  patent-pending,  network-critical  phys¬ 
ical  infrastructure  (NCPI),  InfraStruXure  significantly 
decreases  the  total  cost  of  ownership  through: 


Accelerated  Speed  of  Deployment 

Electrical/physical  modularity  allows  for  rapid 
installation  with  minimal  engineering. 


Minimized  Human  Error 

Simplicity  of  design  and  intelligent  modules  increase 

system  availability  by  mitigating 

human  error  -  the  #1  cause  of  downtime. 


Quick  Fault  Recovery 

Compartmentalize  potential  failures  with 
intelligent,  maintainable  modules. 


Modularity  for  Ease  of  Growth 

Pay  as  you  grow  and  redeploy  modular 
components  as  needed. 


Find  out  how  you  can  benefit  from  InfraStruXure 's 
innovative  architecture.  Visit  us  today  at  www.apc.com. 


“APC  had  the  plan  of  building  air  conditioning  systems 
in  the  rack.  In  a  traditional  data  center,  you  always  have 
racks  which  are  totally  filled  with  CPUs  and  which  become 
very  hot.  Then  you  have  racks  which  are  not  deployed  at  all. 
To  manage  the  energy,  the  warmth  and  the  consumption  of 
electricity  in  those  racks,  we  believe  that  with  APC  we 
have  found  the  right  solution. " 

Deloitte  on 

InfraStruXure"  Benefits 

"We  have  also  enhanced  our 
security,  systems  stability 
optimization,  time  to  market 
and  office  operations. 

With  InfraStruXure “ 
you  can  get  it  right  in  one 

attempt. " 


Deloitte  is  only  one  of  the  latest  partners  benefiting 
from  InfraStruXure 's  open,  adaptable,  and  integrated 
approach  to  data  center  design. 


Deloitte  on 
InfraStruXure™  AIR 
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DOD,  Corporate  RFID 
Backers  Seek  Standard 


Pentagon  official  says  two  sides  are 
close  to  deal  on  common  specifications 


BY  BOB  BREWIN 


A  KEY  PENTAGON  sup¬ 
ply  chain  official 
last  week  said  the 
U.S.  Department  of 
Defense  is  working  with  EPC- 
global  Inc.  to  develop  radio 
frequency  identification 
(RFID)  standards  that  could 
satisfy  the  needs  of  both  cor¬ 
porate  and  military  users. 

Alan  Estevez,  assistant 
deputy  undersecretary  of  De¬ 
fense  for  supply  chain  integra¬ 
tion,  said  during  a  press  brief¬ 
ing  that  the  standards  process 
is  complex.  But  Estevez  added 
that  he  thinks  the  DOD  and 
Boston-based  EPCglobal  can 
agree  on  common  standards 
“in  a  matter  of  months.” 

The  possibility  that  suppli¬ 
ers  would  have  to  support  two 
sets  of  RFID  standards  arose 
in  October,  after  the  DOD 
mandated  the  use  of  RFID  tags 
on  shipping  pallets  and  crates 
starting  in  early  2005  —  a 
deadline  similar  to  one  that 
Wal-Mart  Stores  Inc.  has  set 
for  its  top  suppliers. 


EPCvs.  ISO 

Wal-Mart  and  other  corporate 
users  plan  to  adopt  the  elec¬ 
tronic  product  code  (EPC) 
standards  being  developed  by 
EPCglobal.  But  the  Pentagon 
said  the  tags  its  suppliers  use 
will  have  to  conform  to  speci¬ 
fications  from  the  Internation¬ 
al  Standards  Organization 
[QuickLink  42347], 

The  DOD  and  EPCglobal 
are  now  cooperating  to  devise 
a  set  of  standards  that  could 
be  incorporated  into  the  ISO’s 
work,  according  to  Estevez. 

He  added  that  the  passive 
RFID  devices  Wal-Mart  wants 
to  use  in  its  supply  chain 
should  accommodate  most 
of  the  DOD’s  requirements, 
although  military  officials  are 
seeking  a  data  storage  capaci¬ 
ty  that’s  larger  than  the  96-bit 


limit  supported  by  existing 
commercial  tags. 

The  expanded  capacity  is 
needed  to  support  the  unique 
identification  numbers  that 
the  DOD  assigns  to  “high-val¬ 
ue”  goods  that  cost  more  than 
$5,000,  Estevez  said.  The  tags 
used  by  the  military  will  also 
have  to  be  capable  of  handling 
multiple  reads  and  writes  of 
data,  he  added. 

Mike  Liard,  an  analyst  at 
Natick,  Mass.-based  Venture 
Development  Corp.,  said 
blending  EPCglobal’s  stan¬ 
dards  into  the  ISO’s  specifi¬ 
cations  would  alleviate  the 
added  costs  that  suppliers  say 


they  will  face  if  the  DOD  and 
Wal-Mart  support  different 
approaches. 

In  addition,  both  Wal-Mart 
and  the  Pentagon  could  reap 
economic  gains  from  using  the 
so-called  Class  1,  Version  2  tag 
envisioned  by  EPCglobal, 

Liard  said.  That’s  because 
Texas  Instruments  Inc.  and 
Royal  Philips  Electronics  NV 
are  both  gearing  up  to  pro¬ 
duce  the  new  devices  in  large 
quantities,  which  is  expected 
to  result  in  lower  costs  com¬ 
pared  with  existing  RFID  tags. 

Estevez  declined  to  say 
how  much  it  will  likely  cost 
the  DOD  to  install  the  IT  in¬ 
frastructure  needed  to  sup¬ 
port  RFID  in  its  supply  chain, 
including  the  addition  of 
RFID  readers  in  warehouses 


Rollout  Plans 


Will  start  in  January  2005 

Wants  its  top  100  suppliers 

with  its  top  100  suppliers;  ex¬ 

to  begin  using  RFID  in  Janu¬ 

pects  all  suppliers  to  adopt 

ary  2005  and  its  top  500  to 

RFID  by  the  start  of  2006 

do  so  by  July  of  that  year 

Initial  deployments  planned 

Is  mandating  that  all  its 

at  Texas  distribution  centers 

suppliers  use  the  technology 

serving  about  150  stores 

by  January  2006 

and  supply  depots. 

He  acknowledged  that  it’s 
unrealistic  to  expect  all  of  the 
military’s  43,000  suppliers  to 
begin  using  RFID  tags  by  Janu¬ 
ary  2005.  Estevez’s  statement 
came  one  day  after  the  DOD 
disclosed  more  details  about 
its  RFID  plans  to  key  suppliers 
at  a  meeting  in  Fairfax,  Va. 

In  a  presentation  at  the 
RFID  meeting,  Estevez  said 
the  Pentagon  wants  to  get  its 
top  100  suppliers  on  board 
with  RFID  tags  by  the  start  of 
2005  and  add  another  400 
companies  by  the  middle  of 
that  year.  All  suppliers  should 


begin  using  the  devices  by  Jan¬ 
uary  2006,  he  added. 

Some  attendees  at  the  RFID 
meeting  described  it  as  more 
collaborative  than  a  similar 
event  Wal-Mart  held  for  its 
suppliers  last  month.  But 
Estevez  said  the  DOD  has 
“drawn  a  line  in  the  sand” 
on  the  use  of  RFID  tags. 

“It’s  going  to  be  in  every 
contract,”  he  said.  ©  43341 


IN  NEXT  WEEK’S  ISSUE 

Smart  Tags,  High  Costs:  Readabout 
the  R0I  challenges  RFID  users  face. 
COMING  DECEMBER  15 


Users  Benefit  From  Business  Performance 
Tools  but  Say  Rollouts  Pose  Challenges 


Software  supports 
planning,  tracks 
financial  targets 


BY  MARC  L.  SONGINI 

BOSTON 


Companies  can  improve  their 
internal  operations  and  slash 
costs  through  the  use  of  busi¬ 
ness  performance  manage¬ 
ment  (BPM)  tools,  according 
to  attendees  at  a  conference 
on  the  technology.  But  there 
are  considerable  challenges  to 
be  surmounted,  they  warned. 

BPM  projects  involve  the 
use  of  business  intelligence 
software,  such  as  balanced 
scorecard  or  analytic  applica¬ 
tions,  to  help  executives  pre¬ 
pare  plans  and  analyze  corpo¬ 
rate  performance  via  a  dash¬ 
board-style  user  interface. 

The  need  for  CEOs  and 
chief  financial  officers  to  com¬ 
ply  with  the  accounting  and 
reporting  mandates  of  the 
Sarbanes-Oxley  Act  has  given 
the  BPM  market  a  boost,  said 


Craig  Schiff,  CEO  of  BPM  Part¬ 
ners  Inc.  The  Stamford,  Conn- 
based  consulting  firm  co-spon¬ 
sored  last  week’s  Performance 
Management  Conference  with 
the  Digital  Consulting  Insti¬ 
tute  in  Andover,  Mass. 

A  BPM  system  can  deliver  a 
holistic  view  of  business  per¬ 
formance,  allowing  executives 
to  identify  revenue  and  cost 
savings  opportunities,  Schiff 
said.  But  software  costs  can 
range  from  $75,000  to  more 
than  $500,000,  he  added. 

And  setting  up  BPM  proc¬ 
esses  can  be  difficult,  accord- 


NEW  DEVELO  MENTS 


Geac  announced  a  set  of  BPM 
tools  that  combines  software 
it  bought  in  two  acquisitions  this 
year.  Available  now. 

BPM  Partners  said  it's  develop¬ 
ing  dashboard-style  user  inter¬ 
faces  tailored  for  different  in¬ 
dustries,  with  prebuilt  charts, 
graphs  and  performance  gauges. 
Due  next  month. 


ing  to  a  half-dozen  users. 

“The  biggest  challenge,  and 
I  don’t  care  what  kind  of  con¬ 
sultant  you  get  or  what  you 
do,  [is  that]  you  truly  have  to 
understand  what  drives  your 
business,”  said  Celia  Spitz, 
vice  president  of  planning  and 
analysis  at  Miami-based  Vitas 
Healthcare  Corp.,  which  pro¬ 
vides  hospice  services. 

IT  and  business  managers 
who  are  implementing  BPM 
systems  must  decide  “what 
the  critical  bits  of  information 
are  that  make  a  difference  in  a 
business,”  Spitz  noted.  “If  you 
don’t,  it’s  just  regurgitating 
data  for  ‘analysis  paralysis’ 
and  doesn’t  tell  you  anything.” 

Vitas  Healthcare  uses  a 
homegrown  executive  dash¬ 
board  that’s  connected  to  on¬ 
line  analytical  processing  soft¬ 
ware  developed  by  Applix  Inc. 
in  Westboro,  Mass.  Spitz  said 
the  BPM  system  has  helped 
the  company  reduce  its  auto¬ 
mileage  and  overtime  costs. 

RSA  Security  Inc.  uses  soft¬ 


ware  that  was  developed  by 
Comshare  Inc.,  which  is  now 
part  of  Markham,  Ontario- 
based  Geac  Computer  Corp., 
to  measure  whether  financial 
targets  are  met.  The  software 
has  paid  for  itself,  said  David 
Stack,  manager  of  corporate 
financial  planning  and  analy¬ 
sis  at  RSA,  a  security  software 
vendor  in  Bedford,  Mass. 

But  Stack  added  that  mea¬ 
suring  how  much  of  a  return 
on  investment  RSA  is  getting 
is  hard  because  many  of  the 
performance  improvements 
made  possible  by  the  BPM 
system  are  qualitative. 

For  Viasys  Healthcare  Inc., 
the  toughest  part  of  its  BPM 
rollout  was  ensuring  that  end 
users  employed  the  system, 
because  its  blueprint  validates 
the  accuracy  and  consistency 
of  data,  said  Matt  Gualtieri,  fi¬ 
nance  project  manager  at  the 
medical  products  maker  in 
Conshohocken,  Pa. 

But  the  hard  work  has  paid 
off,  Gualtieri  added.  “I  think 
the  pain  and  effort  of  going 
through  implementing  a  sys¬ 
tem  like  this  is  worth  it,  be¬ 
cause  it  forces  you  to  do 
things  better.”  ©  43334 
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Hyper-Security. 


Hyper-Threading  Technology  from  Intel. 

S' Why  choose  between  PC  security  and 
PC  performance?  The  Inter  Pentium"  4 
Processor  with  HT  Technology  is 
engineered  to  let  PCs  do  two  things  at 
once  —  without  the  frustrating  lags?  So 
you  can  run  a  background  virus  scan 
as  you  get  some  real  work  done. 

Get  all  the  details  at  intel.com/go/ht. 


*Look  for  systems  with  the  Intel*  Pentium*  4  Processor  with  HT  Technology  logo  which  your  system  vendor  has  verified  utilize  Hyper-Threading  Technology.  Performance  will  vary  depending  on  the  specific  hardware 
and  software  you  use.  See  www.intel.com/info/hyperthreading  for  information.  ©2003  Intel  Corporation.  Intel  and  the  Intel  Inside  logos  plus  Pentium  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or 
its  subsidiaries  in  the  United  States  and  other  countries.  All  rights  reserved. 
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3Com,  EDS  Agree 
On  Reseller  Deal 

Continuing  an  effort  to  revitalize 
its  enterprise  networking  sales, 
3Com  Corp.  announced  a  deal  for 
Electronic  Data  Systems  Corp.  to 
resell  its  routers,  switches  and 
voice  products.  The  global  agree¬ 
ment  is  3Com’s  first  with  a  top- 
level  IT  services  provider.  But  EDS 
said  the  deal  isn’t  as  comprehen¬ 
sive  as  an  existing  one  it  has  with 
3Com  rival  Cisco  Systems  Inc. 


Canadian  Railway 
Hands  IT  to  IBM 

Canadian  Pacific  Railway  Ltd. 
said  it  has  signed  a  seven-year, 
$154  million  (U.S.)  outsourcing 
deal  with  IBM  Canada  Ltd.,  which 
will  manage  the  Calgary,  Alberta- 
based  railroad  company’s  IT  in¬ 
frastructure.  About  100  IT  work¬ 
ers  at  Canadian  Pacific  Railway 
are  being  transferred  to  the  IBM 
subsidiary  along  with  data  cen¬ 
ters  in  Calgary  and  Toronto. 


CGI  Signs  Two 
Outsourcing  Pacts 

Montreal-based  CGI  Group  Inc. 
announced  a  pair  of  IT  outsourc¬ 
ing  contracts.  CGI  said  it  will 
manage  all  IT  operations  at  Alcan 
Inc.’s  Rolled  Products  North 
America  division  in  Cleveland  as 
part  of  a  10-year,  $113  million  deal. 
In  addition,  CGI  has  signed  a  10- 
year,  $167  million  contract  with 
The  Robert  Plan  Corp.,  a  Beth- 
page,  N.Y.-based  auto  insurer. 


Hong  Kong  Firm  Is 
Top  Pivotal  Bidder 

Pivotal  Corp.,  a  CRM  software 
vendor  in  Vancouver,  British  Co¬ 
lumbia,  said  a  unit  of  Hong  Kong- 
based  Chinadotcom  Corp.  has 
topped  two  other  buyout  bidders 
with  a  $52  million  offer.  Pivotal 
last  month  agreed  to  sell  itself  to 
an  investment  firm  that  wanted  to 
marge  the  company  with  Talisma 
Corp.  in  Kirkland,  Wash.  But  the 
investment  firm  last  week  said  it’s 
releasing  Pivotal  from  that  deal. 


Las  Vegas  Schools  Mix  IP, 
Digital  Communications 

$31M  project  includes  new  backbone 
network,  plus  27,000  dual-mode  phones 


BY  MATT  HAMBLEN 

HE  PUBLIC  SCHOOLS 
in  Las  Vegas  are  near¬ 
ing  the  midpoint  of  a 
backbone  network  in¬ 
stallation  that  will  support  one 
of  the  largest  IP-enabled  phone 
systems  deployed  worldwide 
—  a  communications  upgrade 
that’s  expected  to  cost  a  total 
of  $31  million. 

By  early  January,  half  of  the 
289  schools  in  the  Clark  Coun¬ 
ty  School  District  will  be  con¬ 
nected  to  an  IP-based  metro¬ 
politan-area  network  based  on 
Alcatel  SA’s  OmniPCX  Enter¬ 
prise  technology,  said  Philip 
Brody,  the  school  system’s 
chief  technology  officer.  The 
MAN  rollout  is  budgeted  at 
$15  million  and  should  be 
completed  next  November. 

Clark  County,  the  nation’s 
sixth-largest  school  district, 
is  spending  an  additional  $16 
million  to  outfit  its  offices  and 
every  classroom  with  about 
27,000  Alcatel  phone  sets  that 
can  operate  in  both  digital  and 
IP  modes.  About  5,000  phones 
have  been  installed,  and  Brody 
said  that  project  will  take  an¬ 
other  two  years  to  finish. 

Explosive  Growth 

The  MAN  and  the  dual-mode 
phone  system  are  designed  to 
to  support  the  school  system’s 
explosive  growth.  The  district, 
which  serves  268,000  students 
and  has  30,000  workers,  is 
adding  new  schools  at  the  rate 
of  one  per  month. 

“This  is  a  crazy  place,  not 
just  because  it’s  Vegas,  but  this 
is  also  an  incredible  jugger¬ 
naut  of  education  and  tech¬ 
nology,”  Brody  said. 


MORE  NEWS 

Avaya  is  announcing  an  upgrade  of  its  IP 
telephony  software,  plus  a  series  of  new 
hardware  devices  and  phones: 

QuickLink  43364 
www.computerworld.com 


The  phones  will  be  used 
primarily  in  digital  mode  in 
order  to  take  advantage  of  dig¬ 
ital  wiring  that  was  recently 
installed  in  two-thirds  of  Clark 
County’s  schools.  But  some  of 
the  phones  will  be  IP-based, 
Brody  said.  In  addition,  the 
fiber-optic  links  and  Gigabit 
Ethernet  switches  being  built 
into  the  MAN  support  IP. 

The  hybrid  plan  was  recom¬ 
mended  by  a  consulting  firm 
three  years  ago,  Brody  said.  St. 
Louis-based  Dietrich  Lockard 
Group  Inc.  said  the  school  dis¬ 
trict  could  save  $2  million  per 


Web-based  tool 
creates  drawings, 
measures  IT  needs 

BY  MATT  HAMBLEN 

Software  start-up  Visual  Net¬ 
work  Design  Inc.  this  week 
plans  to  launch  its  first  prod¬ 
uct,  a  Web-based  tool  for  creat¬ 
ing  drawings  and  reports  that 
can  help  streamline  the  process 
of  designing  racks  for  network¬ 
ing  and  storage  devices. 

The  product,  called  Rack- 
wise,  is  aimed  at  systems  inte¬ 
grators  and  corporate  IT 
staffers  who  plan  and  config¬ 
ure  the  racks  that  hold  switch¬ 
es,  server  blades,  cables  and 
other  equipment.  A  propri¬ 
etary  database  uses  drawings 
created  by  Rackwise  to  calcu¬ 
late  power,  air-cooling  and 
space  requirements,  said  Em¬ 
mett  DeMoss,  CEO  of  Visual 
Network  in  Burlingame,  Calif. 

Jasmine  Noel,  an  analyst  at 
Ptak,  Noel  and  Associates  in 
Cambridge,  Mass.,  said  Cisco 
Systems  Inc.  and  other  big 
networking  vendors  sell  con- 


year  by  installing  a  converged 
voice  and  data  network. 

Another  advantage  of  an  IP- 
enabled  system  is 
that  teachers  will  be 
able  to  make  emer¬ 
gency  calls  from 
their  classrooms,  but 
incoming  calls  can 
be  routed  elsewhere 
to  avoid  class-time 
interruptions.  “We 
never  had  a  public 
meeting  about  this 
project  where  the 
need  to  have  a  ‘do 
not  disturb’  feature  didn’t 
come  up,”  Brody  said. 

To  protect  against  potential 
network  failures,  every  build¬ 
ing  will  retain  one  line  to  the 


figuration  tools  for  their  own 
products.  “But  the  minute  you 
mix  and  match  hardware, 
they’re  useless,”  she  noted. 

Both  Noel  and  John  Mad¬ 
den,  an  analyst  at  Boston- 
based  Summit  Strategies  Inc., 
said  Rackwise  could  be  help¬ 
ful  as  large  corporate  users  be¬ 
gin  reorganizing  their  IT  ar¬ 
chitectures  around  the  con¬ 
cepts  of  dynamic  computing, 
virtualization  and  policy- 
based  management. 

At  companies  that  adopt 
so-called  adaptive  business 
processes,  systems  managers 
will  need  automated  tools  to 
help  them  quickly  rewire  and 


NEW  SOFTWARE 


A  Web-based, 
cross-platform  tool  for 
designing  and  configuring 
the  system  racks  that  hold 
networking  devices  and  other 
data  center  equipment 

$2,400  for  a  single- 
user  license 


circuit-switched  public  tele¬ 
phone  system,  he  added. 

Paris-based  Alcatel’s  net¬ 
working  hardware  and  soft¬ 
ware  was  sold  to  Clark  County 
by  Verizon  Communications 
in  New  York.  Verizon  has  also 
provided  project  management 
and  installation  support, 
according  to  Brody. 

Elizabeth  Herrel, 
an  analyst  at  For¬ 
rester  Research  Inc. 
in  Cambridge,  Mass., 
said  the  predictions 
of  millions  of  dollars 
in  annual  savings  are 
realistic  because  the 
new  system  will  re¬ 
quire  less  switching 
hardware  at  each  lo¬ 
cation.  “IP  telephony 
is  a  practical  solu¬ 
tion,  especially  in  places  such 
as  schools  or  banks  where 
there  are  many  offices,  class¬ 
rooms  and  branches,”  Herrel 
said.  O  43301 


reconfigure  systems,  they  said. 

Chris  Shoop,  the  top  execu¬ 
tive  at  systems  integrator 
Conexus  Technologies  LLC  in 
West  Chester,  Ohio,  has  used 
Rackwise  since  May  and 
hopes  to  become  a  reseller  of 
the  software.  Shoop  said  he 
uses  the  technology  to  help 
“describe  what  the  end  deliv¬ 
erable  will  look  like”  when 
Conexus  is  configuring  system 
setups  for  clients. 

Shoop  said  Rackwise  has 
also  accelerated  the  design 
process,  reducing  jobs  that 
took  three  hours  with  some 
computer-aided  design  tools 
to  as  little  as  five  minutes. 

“Designing  systems  is  typi¬ 
cally  a  hairy  process  and  not 
well  planned,”  he  said.  “Proj¬ 
ects  tend  to  happen  pretty 
quickly,  with  the  end  users  or¬ 
dering  a  bunch  of  software 
and  hardware  and  as  an  after¬ 
thought  realizing  they  need  to 
connect  it  to  more  power  or 
slam  it  all  in  a  rack.” 

But  Shoop  said  one  feature 
that  he  hopes  to  see  in  future 
versions  of  Rackwise  is  sup¬ 
port  for  planning  and  design¬ 
ing  a  series  of  racks  within  a 
larger  system.  Visual  Network 
plans  to  do  so  in  the  next  revi¬ 
sion,  DeMoss  said.  ©  43309 


Start-up  Aims  Software  at 
Design  of  Data  Center  Racks 
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expects  to  save 
millions  annually. 
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PeopleSoft  to  Change  Fees 
For  J.D.  Edwards  Products 


Goal  is  to  unify 
pricing  model  for 
ERP  applications 
from  both  vendors 


BY  STACY  COWLEY 

STARTING  EARLY  next 
year,  PeopleSoft  Inc. 
will  unify  the  pricing 
models  for  its  Enter¬ 
prise  software  line  and  the  En- 
terpriseOne  line  built  around 
the  applications  it  picked  up 
through  its  August  acquisition 
of  J.D.  Edwards  &  Co.  —  a 
change  that  will  alter  the  li¬ 
censing  structure  J.D.  Edwards 
customers  are  accustomed  to. 
After  the  J.D.  Edwards  ac¬ 


quisition,  Pleasanton,  Calif.- 
based  PeopleSoft  formed  three 
product  lines:  Enterprise,  a 
portfolio  containing  its  tradi¬ 
tional  applications;  Enter- 
priseOne,  a  rebranded  suite  of 
J.D.  Edwards  applications;  and 
World,  the  portfolio  for  J.D. 
Edwards’  legacy  AS/400 
World  software.  Rather  than 
mingling  code  bases,  People- 
Soft  plans  to  indefinitely 
maintain  the  three  brands. 


Melding  Models 

PeopleSoft  and  J.D.  Edwards 
had  different  pricing  strate¬ 
gies,  however.  PeopleSoft 
uses  what  it  calls  a  “value- 
based  pricing”  model,  in 
which  its  software  has  no  list 
prices.  Fees  are  calculated 
based  on  a  number  of  factors, 
including  a  customer’s  size, 
industry  and  annual  revenue. 
The  licenses  usually  cover  an 
unlimited  number  of  users. 
J.D.  Edwards  had  a  more  tra¬ 
ditional  per-user  licensing 
model  for  its  applications 
and  modules. 

“We’ve  been  doing  a  lot  of 
work  to  roll  out  a  single  pric¬ 
ing  model  next  year.  We’re 
moving  more  toward  the  Peo¬ 
pleSoft  model,”  said  Les  Wy¬ 
att,  a  former  J.D.  Edwards  ex¬ 
ecutive  who  now  serves  as 
general  manager  of  People- 


Soft’s  EnterpriseOne  line. 

The  change  will  affect  only 
Enterprise  and  EnterpriseOne 
customers.  World,  for  which 
additional  licenses  are  sold 
almost  entirely  into  the  exist¬ 
ing  base  of  about  3,400  cus¬ 
tomers,  will  continue  to  be 
priced  on  a  per-user  basis. 
EnterpriseOne  also  has  about 
3,400  customers. 

The  change  will  affect  En¬ 
terpriseOne  customers  as  they 
license  new  modules  from  ei¬ 
ther  the  EnterpriseOne  or  En¬ 
terprise  product  lines.  Mainte¬ 
nance  fees  for  EnterpriseOne 
will  also  likely  rise,  Wyatt 
said,  though  he  noted  that  J.D. 
Edwards  had  been  raising  its 
maintenance  charges  steadily 


throughout  the  past  three 
years.  Details  of  the  pricing 
changes  are  still  being  worked 
out,  he  said. 

“One  of  the  things  we  don’t 
want  to  do  is  move  to  a  model 
that  arbitrarily  and  dramatical¬ 
ly  increases  our  prices,”  Wyatt 
said.  “Our  users  will  be  paying 
roughly  the  same  amount.” 


Not  Convinced 

One  EnterpriseOne  customer 
said  he’s  keeping  a  wary  eye 
on  PeopleSoft’s  licensing 
plans.  Manufacturing  compa¬ 
ny  Consolidated  Container 
Co.  in  Atlanta  has  about  400 
employees  in  several  facilities 
using  EnterpriseOne  applica¬ 
tions.  Vice  President  of  IT 


Andrew  Ziegele  said  People¬ 
Soft’s  sales  team  approached 
him  last  month  about  moving 
to  a  new  licensing  plan  that 
would  give  him  an  unlimited 
number  of  user  licenses. 

But  Ziegele  has  no  pressing 
need  for  more  user  seats,  and 
the  cost  of  the  proposed  new 
plan  was  around  $400,000. 
“That’s  pretty  much  like  re¬ 
licensing  the  whole  thing,”  he 
said.  “I’m  concerned  about  the 
licensing.  I  can  see  why  there’s 
some  confusion.” 

PeopleSoft  indicated  to 
Ziegele  that  any  licensing 
changes  to  his  contract  would 
be  optional,  so  he  won’t  be 
forced  into  an  expensive  re¬ 
investment  to  maintain  his 
current  software  configura¬ 
tion.  Ziegele  is  considering 
picking  up  several  new  mod¬ 
ules,  though,  and  said  he  isn’t 
sure  how  expensive  those 
additions  would  be. 

PeopleSoft’s  pricing  plans 


I’m  concerned 
about  the 
licensing.  I  can 
see  why  there’s 
some  confusion. 


ANDREW  ZIEGELE,  VICE  PRESIDENT 
OF  IT,  CONSOLIDATED  CONTAINER  CO. 


will  be  finalized  and  imple¬ 
mented  in  the  first  quarter  of 
2004,  most  likely  in  January, 
Wyatt  said. 

At  the  same  time,  People- 
Soft  plans  to  unify  its  sales 
force  with  that  of  J.D.  Ed¬ 
wards,  which  has  remained 
separate  since  its  acquisition. 
Sales  executives  will  special¬ 
ize  by  region  and  industry,  but 
every  sales  employee  will  be 
able  to  sell  every  PeopleSoft 
product,  Wyatt  said.  ©  43343 


Cowley  writes  for  the  IDG 
News  Service. 


Patch  Management  Options 
Grow  in  Wake  of  Blaster  Worm 


LANDesk,  other  vendors  rush  to  meet 
demand  for  automated  patching  tools 


BY  JAIKUMAR  VIJAYAN 

This  summer’s  Blaster  worm 
was  one  of  the  first  pieces  of 
malicious  code  to  spread  itself 
by  means  of  network-connect¬ 
ed  PCs.  And  the  worm  high¬ 
lighted  the  need  for  more  effi¬ 
cient  patching  processes  in 
many  companies. 

Since  then,  several  vendors 
have  announced  automated 
management  products  de¬ 
signed  to  help  companies 
quickly  test  patches,  identify 


NEW  PRODUCT 


LANDesk  Patch 
Manager  8 


FEATURE: 

Vulnerability  and  threat 
assessment 


Patch  validation 


Automated  patch  deployment 
PRIC  S12  per  node  per  year 


systems  that  need  them  and 
automatically  update  those 
systems. 

This  week,  South  Jordan, 
Utah-based  LANDesk  Soft¬ 
ware  Corp.  will  join  the  fray 
with  the  shipment  of  LAN¬ 
Desk  Patch  Manager  for  auto¬ 
mated  vulnerability  assess¬ 
ment  and  patch  distribution. 
The  software  is  designed  to 
give  administrators  a  central¬ 
ized  view  of  the  patch  status 
of  systems  on  their  networks, 
identify  specific  vulnerabili¬ 
ties,  test  and  deploy  the  patch¬ 
es,  and  then  audit  them  as 
needed. 

Other  vendors  marketing 
similar  products  include  Shav- 
lik  Technologies  LLC  in  Rose¬ 
ville,  Minn.,  St.  Bernard  Soft¬ 
ware  Inc.  in  San  Diego,  and 
PatchLink  Corp.  in  Scottsdale, 
Ariz. 

Raymond  James  Financial 
Inc.,  a  financial  services  firm 


in  St.  Petersburg,  Fla.,  has 
been  beta-testing  LANDesk’s 
new  patch  management  soft¬ 
ware  for  the  past  few  months 
and  is  preparing  to  roll  it  out 
to  10,000  systems  on  its  net¬ 
work. 

The  company  has  been  us¬ 
ing  another  LANDesk  soft¬ 
ware  tool  to  dis¬ 
tribute  patches 
companywide  for 
several  years.  But 
LANDesk’s  new 
patch  management 
function  will  give 
the  company  a  bet- 


agement  technology  from 
Emeryville,  Calif.-based  BigFix 
Inc.  to  22,000  client  systems. 

The  tool  will  not  only  help 
Pitney  Bowes  deploy  patches 
much  faster,  but  it  will  also 


WORM  WATCH 


For  more  on  this  topic,  visit 
our  Knowledge  Center: 

©  QuickLink  a1280 
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ter  view  of  the  systems  that 
need  to  be  patched  and  speed 
up  the  process  of  deploying 
the  patches,  said  Andy  Nosal, 
a  supervisor  of  LANDesk  op¬ 
erations  at  Raymond  James. 

“I  like  the  ease  of  being  able 
to  find  out  what  patches  are 
on  what  systems  and  seeing  all 
the  affected  machines”  that 
need  patching,  Nosal  said. 

Stamford,  Conn.-based  Pit¬ 
ney  Bowes  Inc.,  meanwhile,  is 
deploying  similar  patch  man- 


help  the  company  enforce 
tough  new  security  policies 
related  to  network-connected 
desktops,  notebooks  and  other 
client  devices,  said  David  Gi- 
ambruno,  the  company’s  di¬ 
rector  of  strategy  and  security. 

Since  BigFix’s  software  al¬ 
lows  Pitney  Bowes  to  monitor 
the  patch  status 
and  virus  signa¬ 
tures  on  every 
client  device,  the 
technology  has  en¬ 
abled  the  company 
to  quickly  identify 
improperly  config¬ 


ured  systems  and  either  block 
network  access  to  those  sys¬ 
tems  or  take  remedial  action, 
Giambruno  said. 

The  client-level  impact  of 
Blaster  forced  a  “fundamental 
change  in  our  thinking,”  he 
said.  Whereas  before  the  focus 
had  largely  been  on  protecting 
the  server  environment,  the 
current  emphasis  is  also  on 
ensuring  that  client  systems 
don’t  compromise  security, 
Giambruno  added.  ©  433137 
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Cybersecurity 

That  commitment  has  come 
under  increased  scrutiny  dur¬ 
ing  the  past  year,  as  various 
studies  and  independent  com¬ 
missions  have  concluded  that 
market  forces  alone  haven’t 
been  sufficient  to  yield  need¬ 
ed  improvements  in  security. 

At  a  summit  news  confer¬ 
ence,  Robert  Liscouski,  assis¬ 
tant  secretary  for  infrastruc¬ 
ture  protection  at  the  Depart¬ 
ment  of  Homeland  Security, 
and  Amit  Yoran,  the  newly 
appointed  chief  of  the  DHS’s 
National  Cyber  Security  Divi¬ 
sion,  were  grilled  by  reporters 
about  the  wisdom  of  the  gov¬ 
ernment’s  nonregulatory  ap¬ 
proach  to  working  with  the  pri¬ 
vate  sector.  Both  Liscouski  and 
Yoran  said  increased  govern¬ 
ment  regulation  remains  a 
possibility  should  the  private 
sector  fail  to  live  up  to  its  se¬ 
curity  responsibilities. 

“The  private  sector  owns 
the  problem,”  said  Liscouski. 
“There  are  a  lot  of  people  out 
there  who  are  willing  to  legis¬ 
late.  If  that’s  what  you  want,  I 
can  promise  you  that  you’ll  get 
it.”  But  he  added  that  the  Bush 
administration  doesn’t  think 
that  better  security  can  be  leg¬ 
islated  or  forced  on  the  private 
sector  by  the  government. 

Yoran,  making  one  of  his 
first  major  policy  speeches  as 
director  of  the  NCSD,  asked 
the  private-sector  executives 
present  —  only  eight  of  whom 
were  from  nonvendor  compa¬ 
nies  —  if  they  were  satisfied 
with  the  current  level  of  prog¬ 
ress  in  cybersecurity.  “I  hope 
that  you  are  not,”  said  Yoran. 
“We  are  a  nation  at  war.” 

In  an  interview  with  Com- 
puterworld,  Yoran  acknowl¬ 
edged  the  absence  of  user 
companies,  such  as  utilities, 
natural  gas  companies,  banks 


If  [legislation 
is]  what  you 
want,  I  can  promise 
you  that  you’ll  get  it. 


(’OfcOT  LISCOUSKI,  DEPARTMENT 

OF  HOMELAND  SECURITY 


IT  Security  Pros  Confident  of  Defenses 


sponsorship  and  approval. 

Robert  Holleyman,  president 
of  the  BSA,  said  that  while  the 
survey  shows  progress  is  being 
made,  "enormous  challenges” 
remain,  particularly  in  employee 
training  and  security  funding  at 
small  and  midsize  businesses. 

-  Dan  Verton 


Technologies  currently  deployed  or 
planned  over  the  next  12  months 


DEPLOYED  1 

■  Antivirus 

99% 

*  Firewalls 

97% 

■  E-mail  filtering 

74% 

■  Intrusion-detection  systems 

62% 

■  E-mail  attachment  blocking 

62% 

■  Web  site  blocking 

59% 

■  Vulnerability  scanners 

43% 

■  Encrypted  e-maii 

31% 

SOURCE:  ISSA/BSA  SURVEY  OF  1.716  IT  SECURITY  PROFESSIONALS 


SANTA  CLARA.  CALIF. 

Despite  a  significant  increase  in 
the  number  of  reported  security 
incidents  over  the  past  year,  a 
survey  released  last  week  by  two 
industry  groups  reveals  a  high 
level  of  confidence  on  the  part  of 
IT  security  professionals. 

As  of  the  third  quarter  of  2003, 
public  and  private-sector  organi¬ 
zations  reported  114,855  inci¬ 
dents  to  the  CERT  Coordination 
Center  in  Pittsburgh.  That’s  an 
increase  of  40%  over  last  year, 
according  to  the  survey  by  the 
Business  Software  Alliance 
(BSA)  and  the  Information  Sys¬ 
tems  Security  Association  (ISSA). 

The  survey  results  indicate  that 
the  increase  hasn't  dampened  the 
confidence  of  many  security  ad- 

and  transportation  firms,  at 
the  summit’s  debut.  But  he 
said  the  focus  was  to  get  tech¬ 
nology  providers  moving  on 
the  problem. 

A  summit  focused  on  infra¬ 
structure  owners  and  operators 
is  scheduled  for  next  month, 


ministrators,  but  whether  that  accu¬ 
rately  reflects  the  views  of  corporate 
security  personnel  is  unclear.  Of  the 
1,716  ISSA  members  surveyed,  70% 
were  from  government  agencies  or 
IT  vendor  and  services  firms;  only 
30%  were  corporate  users. 

Released  the  same  day  that  senior 
officials  from  the  Department  of 
Homeland  Security  warned  that  un¬ 
wanted  regulation  would  be  the  likely 
result  if  the  private  sector  doesn’t 
take  ownership  of  cybersecurity,  the 
independent  survey  found  that  three 
out  of  four  IT  security  administrators 
consider  their  companies  to  be  pre¬ 
pared  to  defend  against  a  major 
cyberattack.  EighhlHn  percent 
said  patches  for 

are  up  to  date  at  their  companies. 

In  addition,  three  out  of  four  re¬ 
said  Sally  McDonald,  the  se¬ 
nior  executive  in  charge  of  the 
DHS’s  outreach  program. 

Meanwhile,  referring  indi¬ 
rectly  to  a  Computerworld  re¬ 
port  last  week  in  which  some 
industry  executives  criticized 
the  role  of  powerful  IT  indus- 


spondents  said  recent  reports  of 
software  vulnerabilities  have  prompt¬ 
ed  their  companies  to  strengthen 
their  capabilities  to  respond  to  at¬ 
tacks.  Seventy-seven  percent  said 
they  have  a  formal  security  program 
in  place,  and  a  whopping  96%  of 
those  respondents  said  their  pro¬ 
grams  have  senior  management 


try  lobbying  groups  [Quick- 
Link  43189],  Harris  Miller, 
president  of  the  Arlington,  Va.- 
based  Information  Technology 
Association  of  America,  said 
those  comments  were  erro¬ 
neous  and  that  the  ITAA  and 
other  vendor  groups  that  co¬ 


sponsored  the  summit  have  no 
lobbying  power  over  the  DHS. 

Liscouski  echoed  that  claim. 
“We’re  not  going  to  let  any¬ 
body  who  operates  [a  busi¬ 
ness]  dodge  their  responsibil¬ 
ity,”  he  said.  “This  is  not  about 
mollifying  industry.”  ©  43338 


Continued  from  page  1 

Support 

ter  in  India  [QuickLink  43172], 

Other  major  vendors,  in¬ 
cluding  IBM,  Hewlett-Packard 
Co.,  Oracle  Corp.  and  Com¬ 
puter  Associates  International 
Inc.,  last  week  said  they  don’t 
plan  to  follow  Dell’s  turnabout 
by  reducing  their  reliance  on 
global  support  operations. 

Lori  Moore,  vice  president 
of  product  support  services 
at  Microsoft  Corp.,  said  via 
e-mail  that  the  company  has 
never  changed  support  loca¬ 
tions  because  of  user  feedback, 
although  it  does  get  com¬ 
plaints  “from  time  to  time  in 
each  of  our  support  centers.” 
But  she  noted  that  Microsoft 
sets  up  support  facilities  in 
new  countries  “in  a  thoughtful 
and  deliberate  manner.  We 
don’t  rush  into  other  markets.” 

For  example,  Microsoft  two 
months  ago  launched  a  pilot 
program  to  support  some  of 
its  products  from  a  site  in  Ban¬ 
galore,  India.  However,  Moore 


said  it  plans  to  take  a  “very  se¬ 
lective”  approach  on  the  pilot 
project.  No  companies  with 
Premier  Support  contracts  are 
being  supported  from  the  new 
facility,  she  added. 

Despite  its  pullback,  Dell  in¬ 
dicated  that  it  might  eventual¬ 
ly  shift  PC  support  back  to  In¬ 
dia.  Glenn  Bonner,  CIO  at  Dell 
user  MGM  Mirage  in  Las  Ve¬ 
gas,  said  providing  technical 
support  from  offshore  loca¬ 
tions  “really  doesn’t  matter  as 
long  as  the  quality  of  service  is 
the  same  and  there  is  not  a 
language  barrier.”  If  Dell  can 
successfully  serve  users  from 
India,  “it’ll  just  serve  to  reduce 
Dell’s  cost  and  ultimately  give 
savings  back  to  us,”  he  added. 

Tom  Iannotti,  vice  president 
of  business  development  at 
HP,  said  it  doesn’t  make  sense 
for  vendors  to  continually 
chase  around  the  world  for 
the  lowest  labor  costs.  That 
requires  constant  training  of 
workers,  not  only  in  the  tech¬ 
nical  aspects  of  product  sup¬ 
port,  but  in  English-language 
skills  as  well,  he  said. 


IBM  doesn’t  have  any  help 
desk  operations  in  India,  but  it 
does  handle  support  calls  from 
a  global  network  of  facilities 
in  Atlanta,  Toronto,  Scotland, 
Australia  and  China,  accord¬ 
ing  to  a  company  spokesman. 
IBM  isn’t  among  the  vendors 
that  “pride  themselves  on  do¬ 
ing  things  cheaply,”  he  added. 

Kirkland,  Wash.-based  vCus- 
tomer  Corp.  operates  a  pair  of 
technical  support  outsourcing 
centers  in  India  with  a  total  of 
about  2,500  customer  service 
workers  and  700  other  em- 


Offshore  Tips 

Users  weighing  purchases  of 
products  that  are  supported 
from  overseas  facilities  should: 

■  Check  performance  met¬ 
rics,  such  as  the  percentage 
of  problems  that  are  resolved 
on  the  first  call. 

Ask  to  see  third-party  cus¬ 
tomer  satisfaction  surveys. 

■  Evaluate  call  center  training 
programs  and  the  language 
skills  of  support  workers. 


ployees.  Sanjay  Kumar,  the 
company’s  CEO,  defended 
the  quality  of  service  that  his 
India-based  support  techni¬ 
cians  provide  but  acknowl¬ 
edged  that  their  accented  Eng¬ 
lish  can  be  hard  for  U.S.  users 
to  understand  at  first. 

“To  the  user,  it’s  a  new  ac¬ 
cent,  a  different  one,”  Kumar 
said.  However,  he  added  that 
vCustomer  spends  “thousands 
of  dollars”  per  agent  on  com¬ 
puter  training  and  to  “help 
neutralize  the  accent.”  (Kumar 
isn’t  related  to  CA’s  CEO,  who 
shares  the  same  name.) 

Several  analysts  said  they 
view  the  offshore  sourcing 
of  support  as  a  trend  that 
won’t  go  away.  But  IDC  analyst 
Ned  May  noted  that  the  hard¬ 
ware  success  Dell  has  reaped 
through  tight-fisted  manage¬ 
ment  of  its  supply  chain  does 
not  necessarily  translate  into 
the  more  people-based  sup¬ 
port  business.  ©  43340 


Remrters  Mmtt  Hamblen ,  Carol 
Sliwa  and  Marc  L.  Songini  con¬ 
tributed  to  this  story. 
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IT  Hiring  Plans  Vary,  Despite 
Signs  of  Demand  for  Workers 


Tech  recruiters  cite 
heightened  jobs  activity 

BY  THOMAS  HOFFMAN 

With  the  U.S.  economy  picking  up 
steam,  some  recruiters  are  seeing  a 
rise  in  demand  for  technology  work¬ 
ers.  But  several  IT  managers  who  were 
interviewed  in  late  November  said 
they  have  a  mix  of  hiring  plans. 

Following  a  series  of  hirings  earlier 
this  year,  Choice  Homes  Inc.  has  as 
many  IT  staffers  as  it  expects  to  need 
for  the  next  six  months,  said  Andrew 
Brimberry,  director  of  information  ser¬ 
vices  at  the  Arlington,  Texas-based 
home  builder. 

Choice  Homes 
added  a  database  ad¬ 
ministrator,  a  WAN 
technician  and  two 
help  desk  administra¬ 
tors  to  help  support  an 
expansion  of  its  IT  in¬ 
frastructure  that  was 
fueled  by  revenue 
growth.  With  those 
jobs  filled,  Brimberry 
said  he  doesn’t  see  any 
need  to  further  expand 
his  24-person  IT  staff. 

The  hiring  situation 
is  similar  at  Emcor 
Group  Inc.,  but  for  dif¬ 
ferent  reasons.  Nor¬ 
walk,  Conn.-based 
Emcor  makes  electrical 
and  mechanical  systems  for  commer¬ 
cial  construction  uses  and  offers  a  vari¬ 
ety  of  facilities-related  services.  But 
unlike  Choice  Homes,  which  has  bene¬ 
fited  from  continued  strength  in  new 
housing  starts,  Emcor  has  been  hurt  by 
weakness  in  the  commercial  sector. 

That’s  the  main  reason  why  Emcor 
plans  “little  to  no  growth  in  staff” 
within  its  IT  department  and  has  only 
a  handful  of  major  technology  initia¬ 
tives  in  its  2004  budget,  said  CIO 
Joseph  Puglisi. 

On  the  other  hand,  PRG-Schultz  In¬ 
ternational  Inc.  plans  to  increase  its  IT 
staff  by  more  than  10%  next  year.  CIO 
Eric  Goldfarb  said  the  Atlanta-based 
company,  which  does  auditing  work  to 
help  corporate  clients  identify  over¬ 
payments  to  their  suppliers,  will  add 
20  domestic  and  international  IT 
workers  to  its  current  staff  of  185  to 
support  increasing  customer  demand. 

“But  I  think  the  trend  this  upcoming 


year  is  for  highly  specialized  talent,” 
Goldfarb  added,  citing  PRG-Schultz’s 
need  for  experienced  IT  professionals 
with  ERP  skills  as  an  example. 

According  to  New  York-based  Dice 
Inc.,  72%  of  the  263  human  resources 
managers  and  recruiters  who  respond¬ 
ed  to  an  e-mail  survey  in  August  said 
they  planned  to  increase  their  hiring 
of  tech  workers  within  either  three  or 
six  months.  “This  is  a  huge  difference 
from  the  survey  we  conducted  last 
year,”  said  Scot  Melland,  president  and 
CEO  of  Dice,  which  operates  an  online 
job  board  for  tech  workers. 

The  new  survey  didn’t  explore  the 
types  of  positions  that  are  in  greatest 
demand,  nor  did  it  as¬ 
sess  hiring  by  vertical 
industry.  But  Melland 
said  an  analysis  of  his 
company’s  Web  site 
shows  that  demand  re¬ 
mains  strong  for  “tradi¬ 
tional,  hard-core  IT  po¬ 
sitions,”  such  as  Unix 
systems  administrators 
and  Oracle  and  SQL 
Server  database  admin¬ 
istrators. 

The  industries  that 
are  doing  the  most  hir¬ 
ing  include  aerospace 
and  defense  plus  finan¬ 
cial  services,  Melland 
added. 

Unemployment  rates 
remain  high  among  IT 
workers  compared  with  historical  lev¬ 
els.  The  Commission  on  Professionals 
in  Science  and  Technology,  a  Washing¬ 
ton-based  nonprofit  group  that  does 
research  on  workforce  and  educational 
issues,  said  in  a  report  released  in  Sep¬ 
tember  that  6%  of  IT  professionals 
were  out  of  work.  The  group  added 
that  the  overall  number  of  IT  jobs  has 
declined  by  150,000  from  its  peak  of  2.5 
million  in  2000  [QuickLink  41519]. 

Conditions  in  the  IT  job  market 
“have  been  very  trying  for  the  past  two 
years,  but  things  have  picked  up  a  lot 
since  August,”  said  Jim  Tobin,  a  senior 
technical  recruiter  in  the  Rochester, 
N.Y.,  office  of  staffing  services  pro¬ 
vider  Manpower  Inc.  ©  43279 


ON  THE  JOB 

For  full  coverage  of  IT  workforce  issues,  go  online 
to  our  Careers  Knowledge  Center: 

QuickLink  a2140 
www.computerworid.com 


Hiring  Expectations 


When  do  you  think  you 
will  increase  your  hiring  of 
IT  workers? 


No  plans  to  increase  hiring  -J 


BASE  263  HR  and  corporate  recruiting 
managers  surveyed  via  e-mail  in  late  August 

SOURCE:  DICE  INC..  NEW  YORK 
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HR  Standing  at  the  forefront 
of  the  Linux  revolution. 

Linux  is  all  about  open  solutions. 
And  so  is  HP.  So  naturally,  HP  has 
emerged  as  the  worldwide  leader  in 
Linux  solutions.  By  focusing  on  the 
key  strength  of  Linux— open  system 
environments— HP  has  been  solving 
real  business  problems  for  more 
customers  than  anyone  for  18 
quarters  running.  With  HP  hardware, 
software  and  over  4,000  Linux 
service  experts  ready  to  serve  you,  its 
easy  to  see  we're  the  Linux  leader. 
And  the  ones  you  should  call  to  make 
even  your  most  business-critical 
applications  easier  to  manage  at 
lower  costs.  Demand  more. 

Demand  HP  for  Linux. 

To  see  what  HP  and  Linux  can  do  for 
your  business,  try  our  TCO  calculator 
at  www.hp.com/go/demandlinux. 
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BEA,  IBM  Team  on  New  Java  Specs 


BY  CAROL  SLIWA 

BEA  Systems  Inc.  and  IBM, 
rivals  in  the  application  server 
software  market,  are  teaming 


up  to  propose  three  Java  speci¬ 
fications  in  a  bid  to  further  the 
cause  of  application  consisten¬ 
cy  and  portability. 


The  two  companies  pub¬ 
lished  the  specifications  late 
last  month  and  submitted 
them  under  royalty-free  terms 


to  the  Java  Community 
Process  (JCP)  organization, 
which  Sun  Microsystems  Inc. 
set  up  to  evolve  its  Java  tech¬ 
nology.  Voting  by  JCP  mem¬ 
bers  on  whether  to  accept  the 
specifications  began  last  week, 
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and  the  results  are  due  to  be 
announced  on  Dec.  16. 

Perhaps  the  most  significant 
specification  for  corporate  de¬ 
velopers  is  one  called  Service 
Data  Objects.  SDO  aims  to 
provide  a  simple,  unified  pro¬ 
gramming  model  for  accessing 
data  from  heterogeneous  sys¬ 
tems,  including  relational 
databases,  XML-based  data 
sources,  Web  services  and 
enterprise  applications. 

Nick  Gall,  an  analyst  at 
Meta  Group  Inc.,  said  many  of 
his  clients  are  grappling  with 
the  problem  of  providing  uni¬ 
form  access  to  structured  and 
unstructured  data.  “This  has 
been  a  never-ending  challenge 
for  all  application  architec¬ 
tures,”  Gall  said,  calling  it  an 
issue  for  both  Java  and  Micro¬ 
soft  developers. 

BEA  and  IBM  also  pub¬ 
lished  a  pair  of  application 
programming  interfaces.  One 
is  designed  to  let  applications 
based  on  J2EE  schedule  work 
to  execute  concurrently,  and 
the  other  supports  the  sched¬ 
uling  and  receipt  of  timer 
notifications. 

Allow  for  Feedback 

Scott  Dietzen,  chief  technolo¬ 
gy  officer  at  BEA,  noted  that  it 
can  take  one  to  two  years  for  a 
Java  specification  to  become  a 
formal  standard.  But  he  said 
that  by  publishing  the  new 
specifications  and  implement¬ 
ing  them  in  BEA’s  WebLogic 
and  IBM’s  WebSphere  soft¬ 
ware,  the  companies  and  other 
JCP  members  will  be  able  to 
get  more  feedback  from  the 
marketplace. 

“We  clearly  tried  to  stream¬ 
line  this  process  and  help  it 
along  from  an  adoption  stand¬ 
point,”  said  Rod  Smith,  vice 
president  of  Internet  emerging 
technologies  at  IBM.  The  spec¬ 
ifications  will  be  supported  in 
WebSphere  next  year,  accord¬ 
ing  to  an  IBM  spokeswoman. 

Ted  Schadler,  an  analyst  at 
Forrester  Research  Inc.,  said 
BEA  and  IBM  are  trying  to 
kick-start  Java  innovation  in 
response  to  slow  progress 
through  the  JCP.  “I  hope  it 
works,  because  I  think  users 
could  benefit  from  the  pace  of 
innovation  that  would  hap¬ 
pen,”  he  said.  ©  43157 
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MARYFRAN  JOHNSON 


Titanic  Discontent 


DITORS  ARE  STICKLERS  about  finding  the 
right  word  or  turn  of  phrase.  So  I  had  to 
cringe  a  little  at  calling  our  recent  annual 
Job  Satisfaction  Survey  by  its  given  name 


[QuickLink  a3810].  “Job 
Dissatisfaction  Survey” 
would  have  been  a  lot 
closer  to  the  truth. 

Our  online  survey  of 
936  IT  staffers  and  man¬ 
agers  yielded  a  gruesome 
and  depressing  lineup  of 
statistics,  with  82%  find¬ 
ing  work  more  stressful, 

69%  saying  they’re  not 
working  to  their  full  po¬ 
tential  and  56%  noting  a 
drop  in  their  satisfaction 
from  a  year  ago. 

Those  results  weren’t  all  that  sur¬ 
prising,  really,  when  stacked  up 
against  the  similarly  dreary  findings 
of  our  annual  salary  survey  earlier 
this  fall  [QuickLink  41785].  That  one 
documented  shrinking  pay  scales, 
overloaded  work  schedules,  worries 
about  outsourcing  and  the  continued 
negative  impact  of  this  industry’s  re¬ 
lentless  economic  doldrums. 

Are  your  eyes  glazing  over  yet? 
Mine,  too.  I  can  absorb  only  so  much 
bad  news  in  statistical  form  before  it 
becomes  just  a  stream  of  numerical 
white  noise.  And  what’s  happening 
on  the  job  in  IT  these  days  mirrors 
the  situation  in  so  many  other  sectors 
of  the  economy  —  blue  collar  and 
white  collar  alike  —  that  disgruntle- 
ment  feels  like  the  status  quo  every¬ 
where.  More  than  half  (51%)  of  the 
3,278  U.S.  workers  surveyed  last  year 
by  Spherion  Corp.  and  Harris  Inter¬ 
active  said  they  wanted  to  leave  their 
current  jobs. 

So,  who  cares?  Who’s  got  the  luxu¬ 
ry  of  time  to  worry  about  unhappy  IT 
staffers  or  chronically  stressed  proj¬ 
ect  managers?  Once  the  economy 
starts  to  party  again,  these  people 
problems  will  fade  away  like  a  New 
Year’s  Day  hangover,  right? 

Fade  away  is  right.  To  other  jobs  at 
other  companies,  as  our  “Already 
Gone”  story  in  this  week’s  Manage- 
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ment  section  contends 
(on  page  47,  and  online 
at  QuickLink  43001). 

Up  to  half  of  your  over¬ 
worked  IT  managers  and 
star  players  may  be  plan¬ 
ning  an  exodus  as  soon 
as  an  opportunity  pre¬ 
sents  itself. 

Worrying  about  an  IT 
brain  drain  may  seem 
pointless  right  now,  when 
nobody’s  going  anywhere 
fast  and  the  most  robust 
growth  industry  seems  to  be  offshore 
outsourcing.  But  all  sorts  of  employee 
surveys  are  issuing  warnings  about 
this  hulking  iceberg  of  discontent 
drifting  along  menacingly  below  the 
IT  workplace  surface,  ready  to  strike. 

Yet  unlike  all  the  other  complex 
problems  you’re  wrestling  with,  this 
one  has  two  very  basic,  inexpensive 
solutions: 

1.  Start  some  candid  conversations 
about  workplace  concerns  within  your 
IT  group.  Your  ability  to  talk  about 
what’s  on  their  minds  could  have 


an  enormous,  positive  impact  on 
morale.  “No  matter  how  busy  every¬ 
one  is,  you  should  be  able  to  carve 
out  just  a  little  time  to  encourage 
discussions  about  what  would  im¬ 
prove  conditions.  Try  taking  small 
groups  of  staffers  to  lunch  once  a 
week  to  discuss  their  perspectives  on 
how  things  are  going,”  recommends 
Paul  Glen,  one  of  our  Management 
columnists  [QuickLink  42356]  and 
author  of  Leading  Geeks:  How  to 
Manage  and  Lead  the  People  Who 
Deliver  Technology. 

2.  Pay  attention  to  and  act  upon  what 
those  conversations  tell  you.  Can  you 
cut  back  on  overtime  or  put  some 
lesser  projects  on  the  back  burner? 
Can  you  build  in  more  flexible  work 
schedules  or  lighten  workloads?  “Em¬ 
ployees  understand  and  can  handle 
the  fact  that  the  economy  is  tough,” 
says  Ed  Jensen,  a  partner  in  the  hu¬ 
man  performance  practice  at  Accen¬ 
ture,  who’s  been  hearing  firsthand 
about  the  “already  gone”  syndrome  at 
IT  client  sites.  “They  want  to  feel  part 
of  the  process  and  understand  why 
decisions  are  being  made.” 

Following  this  advice  could  help 
turn  a  dissatisfied  crew  into  a  more 
motivated  one  that  will  stay  with  you 
once  the  economy  bounces  back.  Isn’t 
it  worth  a  shot?  ©  43271 
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PIMM  FOX 

Saving 
Bandwidth 
And  Britney 

During  a  recent 
trip  to  the  movies,  I 
was  greeted  by  Holly¬ 
wood’s  not-so-subtle  cam¬ 
paign  to  promote  its  view 

that  video  piracy  is  sucking  money  out 
of  the  pockets  of  stunt  doubles  (never 
mind  the  stars).  It’s  only  a  matter  of 
time  before  music  moguls  warn  me  not 
to  steal  cash  from  Britney  Spears’  fa¬ 
vorite  Cartier  salesclerk. 

The  music  industry  is  already  wav¬ 
ing  nasty  letters  in  the  faces  of  colleges 
and  universities  cautioning  them  to 
curtail  piracy.  Luckily  there’s  a  tech¬ 
nology  solution  to  the  problem,  which 
technology  itself  created. 

The  technology  that  created  the 
problem  is  high-speed  Internet  access, 
which  is  available 
throughout  the  cam¬ 
puses  of  most  educa¬ 
tional  institutions. 

Students  and  faculty 
members  use  the  In¬ 
ternet  for  research 
and  legitimate  file 
sharing.  There’s  con¬ 
siderable  competi¬ 
tion  for  the  limited 
bandwidth.  Add  in 
less-than-legitimate 
downloads  of  music 
and  video,  and  a  lot  of  bandwidth  gets 
chewed  up. 

Jon  Dodds,  manager  of  network  and 
tech  services  at  Fairmont  State  College 
in  Fairmont,  WVa.  (7,200  students,  450 
faculty  members),  wanted  to  take  con¬ 
trol  of  his  bandwidth.  In  the  process, 
he  has  made  sure  that  the  school  does 
its  bit  to  promote  compliance  with 
copyright  laws.  He’s  quick  to  point  out 
this  isn’t  about  censorship;  it’s  about 
using  resources  effectively. 

His  quest  led  him  to  Bakersfield, 
Calif.-based  Lightspeed  Systems  Inc. 
His  initial  success  with  the  30-day 
evaluation  copy  of  the  company’s 
bandwidth  management  product  led 
him  to  buy  it. 

“We  started  by  doing  bandwidth  pri¬ 
oritization  between  the  dorms  and  the 
main  campus,”  Dodds  says. 

During  business  hours,  campus  con¬ 
nections  have  priority  over  dorm  use, 
and  Dodds  can  filter  out  certain  IP  ad- 
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Join  Us  to  Map 
the  Future  of  IT 

Strategic  problem-solving  and  peer  networking  with  the  nation’s  IT  leaders 


Conference  sessions  will  cover  these  critical  areas: 

•  Extending  Data  Management,  Enterprise  Integration  and  Web  Services 

•  Creating  a  Next-Generation  Infrastructure,  Reducing  Complexity 
and  Enhancing  Business  Value 

•  Charting  New  Directions  in  IT  Governance,  Regulatory  Compliance 
and  Project  Leadership 

•  Advancing  Security  and  Business  Continuity 

Computerworld’s  Premier  100  IT  Leaders  Conference  is  a  dramatically  different,  high 
impact  executive  event.  Now  in  its  5th  year,  this  annual  conference  brings  together 
hundreds  of  senior  IT  executives  for  a  compelling  series  of  high-level  discussion  panels, 
presentations  and  peer  networking  activities. 

The  Premier  100  IT  Leaders  for  2004  will  be  announced  and  profiled  in  our  January  5, 
2004,  issue  of  Computerworld  and  honored  during  a  special  ceremony  at  the  March  7-9, 
2004,  conference.  Rich  with  peer  advice  and  real-world  case  studies,  the  conference 
content  is  built  directly  from  user  feedback  provided  by  the  honorees  themselves.  Our 
editors  design  a  no-nonsense  agenda  that  features  Premier  100  honorees  and  other  IT 
leaders  focusing  exclusively  on  top-of-mind  issues  and  concerns  of  senior  IT  management. 
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FEATURED  SPEAKERS  INCLUDE: 


GLEN  SALOW 

EVP  &  CIO 
American  Express 


TT  DAVID  BAUER 
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Security  &  Privacy  Officer 
Merrill  Lynch 


~  BRIAN  LEINBACH 

SVP  of  Operations 
Delta  Technology.  Inc. 

(a  unit  of  Delta  Air  Lines) 


DAVID  THOMPSON 

SVP  &  CIO 
.  fe  PeopleSoft 


MOSHE  RUBINSTEIN 

UCLA  Distinguished 
Engineering  Professor 
and  Author  of  “The  Minding 
Organization" 


CONFERENCE  CHAIR: 


MARYFRAN JOHNSON 

Editor  in  Chief 
Computerworld 


SPECIAL  GUEST  SPEAKER: 


Author,  Humorist.  Lawyer, 
Economist.  Actor 
and  Educator 


To  register  or  for  more  information  visit:  www.premiei100.com/cwt 


For  companies  interested  in  sponsoring  and  exhibiting,  contact  your  Computerworld  account  director,  or  Leo  Leger  at  508-820-8212. 


COMPUTERWORLD 


PREMIER 


IT  LEADERS 

CONFERENCE  2004 


MARCH  7-9, 2004 

JW  Marriott 
Desert  Springs  Resort 

Palm  Desert, 
California 


Exchange  Innovative  Ideas  and 
Strategies  with  Computerworld’s 
Premier  100  IT  Leaders  who  are: 

•  Extending  Data  Management,  Enterprise  Integration 
&  Web  Services 

•  Creating  a  Next-Generation  Infrastructure, 

Reducing  Complexity  and  Enhancing  Business  Value 

•  Charting  New  Directions  in  IT  Governance, 

Regulatory  Compliance  &  Project  Leadership 

•  Advancing  Security  &  Business  Continuity 

WHY  YOU  SHOULD  ATTEND 

Are  you  responsible  for  mapping  the  future  of  your  organization’s  informa¬ 
tion  technology?  Want  to  exchange  innovative  ideas  and  strategies  with 
other  top  IT  executives?  Then  attend  Computerworld’s  Premier  100  IT 
Leaders  Conference,  the  ONLY  conference  where  you  can  hear  from  -  and 
network  with  -  Computerworld's  Premier  100  IT  Leaders. 

WHO  ARE  THE  PREMIER  100? 

They  are  a  unique  set  of  award  winning  IT  executives  with  valuable  lessons 
to  share  and  advice  to  offer  YOU.  They  are  technologists  who  understand 
business  needs,  take  calculated  risks  and  lead  through  innovation.  They  are 
CIOs,  vice  presidents  of  IT,  directors  of  IT  and  business  managers  honored 
as  Computerworld’s  Premier  100  from  a  wide  swath  of  vertical  industries. 
When  you  attend  this  unique  conference,  you  will  hear  proven  examples  of 
how  these  IT  Leaders  have  advanced  their  organizations  through  innovative 
leadership  and  proven  strategies. 

WHAT  IS  UNIQUE? 

Crafted  by  Computerworld  editors,  this  conference  offers  a  radical  depar¬ 
ture  from  the  standard  IT  event.  With  a  focus  on  great  ideas,  best  practices 
and  real  applications  of  IT  strategy,  you  gain  direct  insight  from  leading  user 
organizations.  The  major  sessions  provide  highly  interactive,  entertaining 
discussions  with  IT  Leaders  and  industry  experts  -  each  moderated  by 
Computerworld  editors  in  a  town-hall  meeting  format.  Key  topics  center  on 
the  intersection  of  technology  and  business  in  areas  critically  important  to 
today's  IT  manager. 


CONFERENCE  CHAIR: 


MARYFRAN 

JOHNSON 

Editor  in  Chief 
Computerworld 


SPECIAL  GUEST  SPEAKER: 


BEN  STEIN 

Author,  Humorist, 
Lawyer,  Economist, 
Actor  and  Educator 


Mapping  the 


Monday  Keynote  Address: 

From  IT  Expense  to  IT  Value 

Glen  Salow,  EVP  &  CIO,  American  Express 


A!  the  American  Express  Company,  everything  rides  on  the  IT  "manufacturing  plant”  forging  the  value  chain  for  this  diver¬ 
sified  global  provider  of  travel,  insurance,  financial  and  network  services.  During  the  past  few  years.  CIO  Glen  Salow  has 
crafted  a  new  value  agenda  for  IT  within  the  company,  turning  an  adversarial  relationship  with  the  business  side  into  a 
partnership,  leading  a  massive  outsourcing  operation  and  managing  demand  for  technology  services  in  ways  that  elimi¬ 
nated  $50  million  in  expense.  As  one  of  the  earliest  of  IBM's  “Computing  on  Demand"  customers  in  2002.  Salow  transi¬ 
tioned  more  than  32,000  employees  in  32  markets  to  IBM  and  crafted  a  similar  but  smaller  deal  with  AT&T  for  networking 
services.  The  end  result  is  a  far  more  flexible  IT  infrastructure  that  responds  swiftly  to  business  change.  In  his  keynote 
address.  Salow  will  talk  about  recasting  IT  from  a  cost  center  to  a  value  producer,  and  how  IT  leaders  who  concentrate  on 
delivering  value  will  build  the  best  futures  for  their  own  companies. 


Tuesday  Keynote  Address 

David  Bauer,  First  Vice  President  and  Chief  Information  Security  & 
Privacy  Officer,  Merrill  Lynch 


The  Once  and  Future  Infrastructure: 

An  Enterprise  Reality  Check 

Panel  Moderator:  Patrick  Thibodeau,  Senior  Reporter,  Computerworld 


IT  leaders  are  inundated  with  vendor  pitches  for  autonomic,  "on  demand,"  and  various  forms  of  utility  “pay  as  you  go" 
computing,  but  how  well  do  these  evolving  computing  models  match  the  actual  needs  of  the  enterprise?  Upgrading  their 
aging  corporate  infrastructures  is  indeed  a  top  priority  for  many  companies  today,  but  the  task  involves  a  complex  cas¬ 
cade  of  decisions  around  desktop  management,  server  consolidation,  blades  and  clustering,  open  source,  wireless  and 
even  outsourcing  considerations.  Alternative  financing  and  new  sourcing  approaches  also  come  into  play,  but  what  are 
the  tradeoffs?  Loss  of  flexibility  and  control?  Vendor  lock-in?  This  panel  of  experienced  senior  IT  managers  will  tackle 
these  tough  questions  as  they  talk  about  their  strategies,  plans  and  problem-solving  approaches  to  building  out  a  "once 
and  future"  infrastructure  primed  for  business  growth. 


Evaluating  Infrastructure  Renewal  Through  Scenario- 
Based  Decision-Making 

Brian  Leinbach,  SVP  of  Operafions,  Delta  Technology,  Inc.  (a  unit  of 
Delta  Air  Lines) 


IT  managers  have  long  known  that  the  cost  of  development  and  initial  deployment  of  IT  systems  is  quickly  matched  by 
the  cost  of  system  maintenance.  In  order  to  communicate  this  to  its  parent  company.  Delta  Technology  developed  a 
business  risk  analysis  tool  that  addresses  the  infrastructure  renewal  of  technology  assets  by  reviewing  the  following 
characteristics:  technology  age,  business  value  at  risk,  platform  supportability,  platform  complexity  and  risk  of  failure. 
This  session  addresses  how,  by  developing  a  standardized  risk  scoring  process  and  using  scenario-based  decision 
processes,  companies  can  evaluate  proposed  infrastructure  investment  scenarios  and  identify  mitigation  strategies. 


Riding  a  Tidal  Wave  of  Change:  Data  Management, 
Enterprise  Integration  and  Web  Services 

Panel  Moderator:  Don  Tennant,  News  Editor,  Computerworld 


Finding  the  most  innovative  yet  cost-effective  ways  to  manage  data  and  integrate  business  and  technology 
processes  are  among  the  most  formidable  challenges  facing  IT  organizations  today.  But  there  are  some  com¬ 
pelling  approaches  emerging.  Web  services,  in  particular,  hold  the  potential  to  enable  companies  to  leverage 
software  technologies  (such  as  Sun's  J2EE  and  Microsoft's  .Net)  more  effectively,  develop  and  build  new  appli¬ 
cations  faster,  and  integrate  legacy  and  Web  applications  more  gracefully.  Yet  questions  about  lax  security  and 
slippery  standards  compliance  continue  to  plague  Web  services.  The  success  (or  failure)  of  integration  projects 
is  especially  visible  across  a  company's  supply  chain,  in  its  wireless  strategies  and  in  business  intelligence 
efforts.  This  panel  will  deliver  a  lively  exchange  of  experience  and  advice  on  the  key  issues  surrounding  enter¬ 
prise  integration,  including  the  skill  set  and  cost  challenges  driving  many  companies  to  outsource  development. 


Steal  This  Great  Idea:  Audience  Participation  and  Working  Session 

Moderators:  Maryfran  Johnson,  Editor  in  Chief,  Computerworld,  and  Mark 
Hall,  Opinions  Editor/Columnist,  Computerworld 


PRE-CONFERENCE  GOLF  OUTING  Sponsored 

March  7th,  12:00pm 


The  Pre-Conference  Golf  Outing  at  The  Palm  Course 
at  the  JW  Marriot  Desert  Springs,  is  complimentary 
($165  value)  for  registered  IT  End-Users.  (Other  partici¬ 
pants,  including  sponsors  and  vendors,  may  play  on  an 
“as  available"  basis  and  are  responsible  for  all 
applicable  golf  expenses.) 

For  details:  contact  Chris  Leger  at  508-820-8277 
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SELECTED  SESSIONS 


Visit  www.premier100.com/cwt  for  an  up-to-the-minute  agenda. 


Project  Disasters:  How  to  Predict  Them,  Prevent 
Them  or  Pull  the  Plug  on  Them 

Paul  Glen,  President  of  C2  Consulting,  Computerworld  Management 
Columnist  and  Author  of  “Leading  Geeks” 

Despite  significant  progress  over  the  last  decade,  project  success  rates  are  still  dismally  poor.  Only  about  one- 
quarter  of  all  IT  projects  are  completed  successfully.  The  rest  are  canceled  completely  or  finished  up  late,  over¬ 
budget  and  sometimes  missing  major  functionality. 

When  used  well,  traditional  IT  project  management  approaches  can  provide  excellent  information  about  what 
happened,  but  they're  lousy  at  predicting  the  future.  In  this  presentation.  Paul  Glen  will  identify  the  five  leading 
indicators  of  project  success  and  show  how  to  use  them  to  predict  the  future,  prevent  problems  and  emerge  a 
hero  with  technologists  and  business  executives  alike. 


■  Selling  Security  to  Your  Beady-Eyed,  Bean-Counting  CFO 

Doug  Lewis,  President,  The  Edge  Consulting  Group,  Atlanta, 
and  former  CIO,  InterContinental  Hotels  Group 

From  the  "been  there,  done  that"  perspective  of  a  longtime  CIO,  Doug  Lewis  will  walk  you  through  his  methodolo¬ 
gy  for  building  a  business  case  for  security  spending  with  the  biggest  corporate  roadblock  of  all:  the  Chief 
Financial  Officer.  This  presentation  will  lay  out  a  detailed,  three-step  process  for  determining  appropriate  security 
levels,  building  an  affordable  security  plan  and  mapping  out  the  ROI-based  business  case  that  senior  executives 
will  respect  and  support.  Lewis  will  reveal  everything  from  the  raw  ingredients  of  building  a  successful  business 
case  to  the  reasons  why  IT  groups  should  outsource  vulnerability  assessments  and  penetration  tests  against  key 
systems.  He'll  also  explain  the  folly  of  low-balling  the  TCO  (Total  Cost  of  Ownership)  of  an  expensive  security 
overhaul,  and  provide  specific  examples  (including  the  math)  from  several  industry  case  studies. 


Breakfast  Address:  Homeland  Security: 

Public/Private  Partnerships  &  The  Cost  of  Failure 

Dan  Verton,  Senior  Reporter,  Computerworld,  and  author  of  “Black 
Ice:  The  Invisible  Threat  of  Cyber  Terrorism” 

Cyber  security  is  the  common  thread  that  ties  together  the  nation’s  most  pressing  homeland  security  and  critical 
infrastructure  protection  challenges  -  challenges  that  could  be  with  us  for  many  decades  as  the  war  on  terror 
unfolds.  But  does  the  absence  to  date  of  a  second  major  terrorist  attack  on  the  U.S.  indicate  that  the  so-called 
public-private  partnership  between  the  government  and  the  private  sector  is  really  working?  Or  is  it  quietly  failing 
due  to  behind-the-scenes  conflicts  and  political  skirmishes  between  the  public  and  private  organizations  respon¬ 
sible  for  our  common  defense?  Computerworld’s  Dan  Verton  will  kick-off  a  day  of  security,  business  continuity 
and  project  leadership  discussions  with  a  revealing  look  at  what's  gone  right,  what's  gone  wrong  and  why  failure 
cannot  be  an  option. 

The  Myth  of  Corporate  Security:  Why  CIOs  are  Mad  as 
Hell  and  not  Going  to  Take  it  Anymore 

Alan  Paller,  Executive  Director  of  Research,  SANS  Institute 

From  his  unique  research  and  training  perspective  on  the  security  industry.  SANS  Institute's  Alan  Paller  will  start  off  this 
session  with  a  live  demo  of  a  hacking  incident  to  show  just  why  CIOs  are  so  irate  about  the  poor  quality  of  protection  their 
software  and  systems  provide  today.  Who  is  to  blame  here,  and  what's  being  done  about  it?  Why  are  security  staffers 
constantly  fighting  a  war  they  never  seem  to  win?  What  can  you  do  about  users  who  ignore  procedure  and  worsen  secu¬ 
rity  problems?  What  recourse  is  there  against  vendors  who  deliver  unsafe  systems?  In  this  session,  Paller  will  introduce 
you  to  several  CIOs  who  have  made  dramatic,  sometimes  harsh  moves  that  forced  real  change.  He'll  show  what  they  did 
and  how  they  did  it  and.  in  a  couple  cases,  who  got  in  the  way. 

No  More  Excuses:  Responding  to  the  Demands  of  Data 
Privacy  Laws,  Regulatory  Compliance  and  Other  Business 
Mandates  on  Corporate  IT  Security 

Panel  Moderator:  Dan  Verton,  Senior  Reporter,  Computerworld,  and  author  of 
“Black  Ice:  The  Invisible  Threat  of  Cyber  Terrorism” 

The  security  agenda  for  2004  is  long  on  mandates  but  short  on  money,  leaving  IT  to  battle  with  few  resources 
against  a  slew  of  malicious  attacks,  tough  new  data  protection  laws  and  demands  for  metrics  that  demonstrate 
effectiveness  of  information  security  procedures.  The  long  list  of  pressing  concerns  confronting  Chief  Security 
Officers  and  IT  leaders  includes  regulatory  compliance  practices,  application  and  network  security,  spam,  enter¬ 
prise  monitoring,  benchmarking  against  standards  and  disaster  recovery  responsiveness.  How  are  leading 
organizations  juggling  and  responding  to  these  myriad  challenges?  When  everything  is  a  priority,  how  can  you 
possibly  prioritize?  What  kind  of  metrics  are  proving  most  effective  in  gaining  support  and  understanding  from 
the  business  side?  This  panel  will  hone  in  on  what's  working  (and  what  isn't)  in  their  own  companies,  sharing  a 
wealth  of  practical  advice  and  fresh  insight  about  how  to  answer  the  security  challenges  facing  so  many  IT 
organizations  today. 


IT  Governance,  Risk  Management  and  the  Future 
of  the  IT  Organization 

Panel  Moderator:  Julia  King,  National  Correspondent,  Computerworld 

Many  CIOs  and  senior  IT  executives  are  moving  into  expanded  roles  in  2004,  as  risk  management,  regulatory  compli¬ 
ance,  vendor/suppiier  negotiations  and  outsourcing  management  ali  become  standard  components  of  their  leadership 
roles.  But  is  IT  governance  ready  to  evolve  beyond  its  previously  narrow  focus  on  technology  spending  and  labor 
costs  -  into  real  partnership  with  business  objectives?  How  should  potential  IT  investments  be  evaluated  and  mapped 
to  companywide  priorities?  What  skillset  changes  does  the  current  IT  organization  need  most?  Where  will  future  proj¬ 
ect  leaders  come  from  if  outsourcing  continues  its  aggressive  growth?  This  panel  will  focus  on  these  critical  issues 
confronting  corporate  IT,  and  offer  some  experienced  guidance  on  how  to  prepare  for  the  high-risk  changes  ahead. 


N  Integrating  Human  Capital:  The  Magic  of  Creative 
Adaptive  Planning 

Moshe  Rubinstein,  UCLA  Distinguished  Engineering  Professor,  and 
author  of  “The  Minding  Organization” 

The  most  important  thing  to  know  about  planning  is  that  organizations  do  entirely  too  much  of  it.  says  this  distinguished 
UCLA  professor  and  author.  Too  many  detailed  rules  constrict  an  organization's  creativity  and  suck  the  life  out  of  our  capaci¬ 
ty  for  adaptive  planning.  In  his  highly  engaging,  dynamic  interaction  with  the  audience,  Moshe  will  illustrate  the  power  of 
human  problem-solving  behavior.  He  will  demonstrate  the  principles  of  complexity  theory  and  the  importance  of  living  in  a 
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OPINION 


dresses,  block  some  peer-to-peer  traf¬ 
fic  and  even  segregate  dorms  by  sub¬ 
net.  Using  the  graphic  capabilities  of 
the  package,  Dodds  is  able  to  see 
which  protocols  are  using  the  most 
bandwidth  and  then  allocate  band¬ 
width  as  needed. 

He  uses  the  two  servers  that  run  the 
bandwidth  management  software  in  an 
array  for  fail-over  protection,  ensuring 
continuous  connection  to  the  network. 
Dodds  even  tests  new  configurations 
on  one  of  the  servers’  arrays  before 
promoting  it  to  the  primary  array. 

Prior  to  implementing  the  band¬ 
width  management  setup,  Fairmont 
was  considering  purchasing  additional 
bandwidth.  That’s  now  been  shelved. 

And  as  for  pulling  the  plug  on  illegal 
music  and  video  downloads,  well,  let’s 
just  say  Britney  can  shop  to  her  heart’s 
content.  O  43186 

THORNTON  A.  MAY 

Disconnecting 
IT  From 
Reality 

IN  THE  PAST  60  DAYS,  I 
have  been  knees-under- 
the-table  with  hundreds  of 
IT  leaders  and  scratch-and- 
sniff  close  to  scores  of  vendor 

CEOs.  In  addition,  I’ve  attended  more 
than  my  share  of  IT  events.  One  of 
them,  Comdex,  brought  together  the 
ideas  that  have  been  swirling  about  me 
for  the  past  two  months,  with  frighten¬ 
ing  clarity. 

We  stand  at  a  moment  unprecedent¬ 
ed  in  the  evolution  of  IT.  I  use  the 
word  unprecedented  because  at  no  pre¬ 
vious  time  in  history  has  technology 
possessed  more  promise  or  its  value 
been  so  seriously  doubted.  The  doubts 
could  overwhelm  the  promise,  how¬ 
ever,  since  two  vast  disconnects  imper¬ 
il  our  possibilities. 

Disconnect  No.  1:  Despite  being  anoint¬ 
ed  by  the  mainstream  media,  Bill  Gates, 
Windows  and  Microsoft  aren’t  the  fu¬ 
ture  of  our  industry. 

On  Nov.  16,  some  7,000  IT  leaders 
streamed  into  the  Aladdin  Theatre  in 
Las  Vegas  to  hear  what  Gates  had  to 
say  in  his  Comdex  keynote  speech.  Yet 
barely  half  of  the  audience  members 
were  able  to  remain  conscious  through 
what  may  well  have  been  the  worst 
piece  of  oratory  ever  inflicted  upon  the 
technology  industry.  (In  my  row,  half 
the  people  were  asleep.) 
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It  wasn’t  just  a  matter  of 
Gates’  skills  as  a  speaker, 
but  also  of  the  ideas  he  was 
presenting. 

Still,  the  mainstream  press 
equates  Microsoft  with  the 
future  of  our  industry.  For 
example,  Steven  Levy  and 
the  editors  at  Newsweek  — 
known  more  for  color-by- 
numbers  linear  thinking 
than  strategic  insight  —  re¬ 
cently  devoted  a  cover  story 
to  Gates  in  which  he  talked 
about  the  future  of  comput¬ 
ers.  In  doing  so,  they  did 
both  journalism  and  IT  a  disservice. 

Even  a  modest  bit  of  reporting  would 
have  revealed  that  most  of  the  $6  bil¬ 
lion  that  Microsoft  is  spending  on  R&D 
is  focused  on  protecting  existing  prod¬ 
uct  lines  rather  than  on  creating  new 
franchises.  Microsoft’s  strategic  weak¬ 
ness  is  its  repeatedly  demonstrated  in¬ 
ability  to  generate  sustainable  busi¬ 
nesses  outside  its  core  competence  of 
operating  systems. 


Disconnect  No.  2:  People 
believe  Scott  McNealy,  but 
they  scoff  at  their  local  Sun 
Microsystems  sales  reps. 

Thirteen  hours  after 
Gates’  Comdex  speech, 
McNealy  gave  his.  What 
followed  was  a  brilliant, 
no-props-required  tour  de 
force  explanation  of  where 
the  industry  has  been  and 
where  we  are  going. 

Later,  the  200-plus  C-lev- 
el  attendees  at  the  Comdex 
CIO  Boot  Camp  were  asked 
whether  they  more  ad¬ 
mired  the  thinking  of  Microsoft’s  chief 
software  architect  or  Sun’s  CEO.  The 
answer  was  unanimous  for  Sun’s  boss. 

Herein  lies  the  disconnect.  McNealy 
and  his  senior  team  are  spooky  smart 
and  have  thought  hard  and  long  about 
how  our  industry  works.  The  top 
of  the  house  at  Sun  has  architected 
a  plausible,  affordable  and  practical 
alternative  path  to  the  Microsoft 
hegemony. 


THORNTON  A.  MAY  is  a 

longtime  industry  ob¬ 
server,  management 
consultant  and  com¬ 
mentator,  Contact  him 


Unfortunately,  this  message  isn’t  the 
one  being  delivered  by  the  Sun  sales 
force,  which  is  perceived  by  most  IT 
leaders  as  being  little  more  than  coin- 
operated  box  sellers.  Sun’s  sales  force 
is  the  least  influential  and  respected  of 
all  the  major  vendors. 

Prior  to  pulling  out  the  order  form, 
Sun  salespeople  need  to  channel  the 
powerful  ideas  of  their  leader  and  re¬ 
connect  themselves  to  the  market¬ 
place.  They  need  to  articulate  what 
McNealy’s  big  ideas  mean  for  worka¬ 
day  IT  leaders. 

If  Microsoft  can  jettison  its  addic¬ 
tion  to  and  fetish  with  Windows  and  if 
Sun  can  escape  the  parochialism  of  its 
sales  force,  we  might  see  a  tech  boom 
that  makes  the  dot-com  era  pale  in 
comparison.  If  not,  doubts  about  IT’s 
value  will  continue  to  grow,  to  the 
detriment  of  us  all.  ©  43185 
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Indiana's  Choice 

Editor’s  note:  The  news  that 
the  Indiana  Department  of 
Workforce  Development 
had  signed  a  deal  with  Tata 
America  International  Corp. 
that  could  have  resulted  in 
as  many  as  65  IT  staffers 
from  India  being  brought  in 
to  work  on  a  project  un¬ 
leashed  a  flood  of  letters, 
both  before  and  after  the 
state  rescinded  the  contract. 

WHAT’S  AT  ISSUE  is  not 

whether  the  contracting 
process  was  fair,  but  whether  this 
should  be  allowed  [“Job  Agency 
Hires  Foreign  Help,”  QuickLink 
42838].  It  wouid  have  been  cre¬ 
ative  of  someone  in  the  Indiana 
state  government  to  search  through 
its  unemployment  lists  and  put  to¬ 
gether  a  team  made  up  of  unem¬ 
ployed  IT  workers.  But  people 
aren’t  paid  to  think;  they're  paid  to 
get  the  lowest  cost. 

Jim  Tennyson 
Independent  consultant, 

Xcel  Systems  Inc., 

New  Jersey,  Jim.Tennyson@ 
Xcelsystems.com 

MORE  power  to  Republican  In¬ 
diana  state  Sen.  Jeff  Drozda 


and  his  legislation  that  would  disal¬ 
low  such  ridiculous  maneuvers.  A 
state  agency  whose  very  purpose  is 
to  assist  state  residents  with  finding 
employment  should  not  be  sending 
work  to  overseas  firms. 

Dan  Denver 

Senior  systems  programmer, 
Port  Ludlow,  Wash., 
ddenver@olypen.com 

ODDS  ARE  that  hundreds  of  peo¬ 
ple  who  are  qualified  for  the 
outsourced  work  are  receiving  un¬ 
employment  compensation  from  the 
state.  They  should  be  given  first  op¬ 
portunity  at  those  jobs.  Not  only 
would  the  state  get  the  job  done,  but 
some  people  would  come  off  of  un¬ 
employment  rolls. 

Every  government  agency  should 
be  required  to  include  some  type  of 
“local  workforce”  requirements  in 
contracts.  We  may  not  be  willing  to 
stop  large  corporations  from  send¬ 
ing  jobs  overseas,  but  we  should  be 
able  to  stop  our  government  agen¬ 
cies  from  doing  it. 

John  Schoettl,  CISSP 
Saint  Cloud,  Fla. 

GOOD  JOB,  Gov.  Kernan  ["Em¬ 
ployment  Agency  Scuttles  India 
Contract."  QuickLink  43167],  As  an 
IT  employee  who  is  constantly  see¬ 
ing  IT  workers'  livelihood  shipped 


overseas  or  overtaken  by  overseas 
workers,  it's  refreshing  to  see  some¬ 
one  in  government  who  is  con¬ 
cerned  about  the  thousands  of  un¬ 
employed  U.S.  workers.  I  had  the 
pleasure  of  living  in  South  Bend, 
Ind.,  when  Joe  Kernan  was  mayor. 
He  did  an  outstanding  job  there,  and 
it  looks  like  his  great  work  is  contin¬ 
uing  at  the  statehouse. 

Edwin  Shaffer 
Data  center  production 
manager,  Chicago, 
e_f_shaffer@hotmail.com 


Eye-opener 

I  HAVE  DEDUCED  why  Neil  Mont¬ 
gomery  is  scowling  in  the  picture 
accompanying  the  article  “Eyes 
Everywhere"  [QuickLink  42407].  As 
a  midmarket  CEO,  he  is  receiving 
daily  e-mail  reports  on  the  activity 
of  individual  sales  representatives 
and  the  timely  delivery  of  individual 
orders.  This  is  an  outstanding  ex¬ 
ample  of  an  information  system 
providing  the  wrong  individual  with 
an  overabundance  of  irrelevant  in¬ 
formation.  Are  decisions  being 
made  on  a  daily  basis  by  the  CEO  at 
Davis  Controls  that  require  this 
data?  Are  the  outcomes  achieved 
by  the  activity  at  Davis  sparked  by 
these  decisions  enhanced  by  the 
consideration  of  this  data?  These 


daily  management  reports  do  pro¬ 
vide  valuable  updates  on  the  per¬ 
formance  of  the  organization,  but 
they  should  be  provided  only  to 
those  who  are  responsible  for  the 
management  of  that  particular  facet 
of  operations  -  a  sales  manager, 
for  example. 

Of  course,  if  this  implementation 
of  the  Macola  Enterprise  Suite  en¬ 
abled  Davis  to  eliminate  its  sales 
manager,  transfer  sales  manage¬ 
ment  responsibility  to  the  CEO,  and 
in  doing  so  improve  both  sales  force 
efficiency  and  executive  leadership 
effectiveness,  please  ignore  my 
previous  paragraph. 

Nate  Brandstater 
Assistant  vice  president,  La 
Sierra  University,  Riverside, 
Calif,  nbrandst@lasierra.edu 

C0MPUTERW0RLD  welcomes 
comments  from  its  readers.  Letters 
will  be  edited  for  brevity  and  clarity. 
They  should  be  addressed  to  Jamie 
Eckle,  letters  editor,  Computerworld, 
P0  Box  9171, 500  Old  Connecticut 
Path,  Framingham,  Mass.  01701. 

Fax;  (508)  879-4843. 

E-mail;  letters@computerworld.com. 
Include  an  address  and  phone  num¬ 
ber  for  immediate  verification. 

OFor  more  letters  on  these  and 
other  topics,  go  to 

www.computerworld.com/letters 
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THE  FASTEST  WAY  TO  MAKE  YOUR 
APPLICATIONS  PERFORM  TOGETHER 

processes,  and  enhance  the  value  of  legacy  applica¬ 
tions.  You’ll  see  real-world  evidence  of  this  in  the 
customer  testimonial  section  of  our  web  site.* 
Ensemble  is  exciting  new  software  from 
InterSystems.  Over  the  past  twenty- five  years  our 
high  performance  products  have  been  deployed 
in  more  than  100,000  mission-critical  systems 
around  the  world. 

We’re  so  confident  that  Ensemble  is  drama¬ 
tically  faster  than  any  other  integration  technology, 
we’ll  be  happy  to  begin  our  partnership  with  you 
by  conducting  a  pilot  project.  To  pursue  this, 
contact  us  at: 

www.InterSystems.com/Ensemble/Pilot 

InterSystems 

E  ENSEMBLE 


*Rcad  how  companies  like  yours  have  integrated  applications  faster  with  Ensemble:  www.InterSystems.com/Ensemble/Customers 
If  you  arc  a  System  Integrator  in  need  of  a  rapid  integration  platform,  come  to  www.InterSystems.com/Ensemble/Partners 


Imagine  your  applications  -  both  legacy  and 
new  -  performing  together  as  an  ensemble. 

That  vision  can  become  a  reality  surprisingly 
quickly  with  Ensemble,  the  comprehensive  inte¬ 
gration  platform  with  all  the  functionality  you 
need  to  rapidly  complete  any  type  of  integration 
project  on  deadline  and  on  budget.  Even  complex 
projects  you  may  have  struggled  with  in  the  past. 

With  its  unique  fusion  of  powerful  technologies 
for  application  integration,  development,  deploy¬ 
ment,  and  management,  Ensemble  enables 
extremely  fast  integration  and  rapid  development 
of  “composite  applications”  -  new  business 
solutions  that  integrate  data,  orchestrate  business 
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FUTURE  WATCH 

The  New  Internet 

Researchers  say  PlanetLab  promises 
a  faster,  more  reliable  and  more  se¬ 
cure  Internet,  but  it  will  take  years 
to  accomplish.  Page  36 


SECURITY  MANAGER’S  JOURNAL 


QUOTE  OF  THE  WEEK 


Single  Sign-on  Effort  Falls  Short 

When  Mathias  Thurman’s  company 
merges  its  directories  and  moves  toward 
a  single  sign-on  system,  the  implementa¬ 
tion  has  some  undesired  effects.  Page  40 


MToys  for  techies  are  gone  from  enterprise 
IT  budgets,  but  technology  investment  is 
essential  if  companies  are  to  move  ahead  or 
even  keep  up  with  the  competition. 

Columnist  Tommy  Peterson,  page  44 


Some  six  months  after 
its  launch,  early  adopters 
and  consultants  give 
Windows  Server  2003 
a  thumbs  up  for  turning 
many  services  off  by 
default,  but  security 
concerns  still  remain. 

BY  CAROL  SLIWA 


There  are  good  reasons 
why  expectations  have 
run  higher  for  Windows 
Server  2003  from  a  se¬ 
curity  standpoint  than 
for  any  prior  edition 
that  Microsoft  Corp.  has 
released. 

With  its  April  launch,  Windows 
Server  2003  became  the  first  operating 
system  to  ship  since  Microsoft  com¬ 
menced  its  much-touted  Trustworthy 
Computing  initiative  in  earnest,  after 
Chairman  Bill  Gates  sent  the  compa¬ 
ny’s  employees  a  memo  in  January 
2002  telling  them  that  security  would 
be  the  “highest  priority.” 

Soon  after  Gates  issued  the  memo, 
Microsoft  shut  down  Windows  produc¬ 
tion  for  10  weeks  to  train  engineers  in 
writing  secure  code.  The  company  de¬ 
layed  Windows  Server  2003  for  rough¬ 
ly  a  year,  in  part  to  allow  more  time  for 
intensive  source-code  analysis,  threat 
modeling,  penetration  testing,  buffer 
overrun  checks  and  security  audits. 

The  natural  question  becomes  this: 

Is  Windows  Server  2003  living  up  to 
its  billing?  Some  say  no.  More  say  it’s 
too  early  to  tell. 


Better  Security  by  Default 

Early  adopters,  analysts  and  consul¬ 
tants  agree  that  Microsoft  has  made 
improvements  —  most  notably,  dis¬ 
abling  many  features  and  functions  in 
the  default  install  to  reduce  the  surface 
area  available  for  hackers  to  attack.  In¬ 
ternet  Information  Server  6.0,  for  in¬ 


stance,  is  turned  off  by  default.  And 
overall,  Microsoft  shut  off  or  reduced 
privileges  for  more  than  30  services  in 
Windows  Server  2003. 

“You  design  the  role  of  the  server 
and  turn  on  only  things  appropriate  to 
the  task  at  hand.  That  is  the  greatest 
security  feature  we’ve  seen  and  taken 
advantage  of  in  Windows  Server  2003,” 
says  Scott  Campbell,  director  of  IT  op¬ 
erations  at  First  American  Title  Insur¬ 
ance  Co.  in  Santa  Ana,  Calif.  The  com¬ 
pany  is  currently  certifying  applica¬ 
tions  to  run  on  Windows  Server  2003 
in  preparation  for  a  gradual  rollout  to 
172  servers. 

But  early  adopters  have  yet  to  reach 
a  verdict  when  judging  the  new  operat¬ 
ing  system  from  a  vulnerability  stand¬ 
point.  Most  have  neither  tested  nor  de¬ 
ployed  Windows  Server  2003  at  large 
scale  or  in  a  wide  enough  range  of  sce¬ 
narios  to  tell  just  how  solid  it  is. 

“We  want  to  see  at  least  two  quar¬ 
ters’  worth  of  data  —  and  I  don’t  care 
about  patches.  I  want  to  see  the  pene¬ 
tration  test  results,”  says  Jeremy 
Lehman,  a  senior  vice  president  who 
heads  the  technology  group  at  New 
York-based  Thomson  Financial,  which 
has  migrated  about  20  servers  to  Win¬ 
dows  Server  2003. 

Some  security  experts  are  already 
dubious.  They  point  out  that  some  of 
the  vulnerabilities  affecting  older  Win¬ 
dows  operating  systems  also  plague 
Windows  Server  2003,  as  demonstrated 
through  patches  that  have  been  issued. 

Continued  on  page  32 
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With  the  best  data  protection  available  on  a  wireless  notebook,  you  can 
work  where  you  like.  Knowing  there’s  a  power  looking  out  for  you. 


It’s  easy  to  work  wirelessly  when  you  choose  the  exceptional  performance  of  these  IBM 
ThinkPad®  notebooks  with  Intel®  Centrino™  mobile  technology.  You’ll  also  get  the  most 
secure  PCs  available.  Because  IBM  builds  in  an  extra  layer  of  protection  on  select  models 
for  passwords  and  documents,  making  it  extremely  tough  for  the  unauthorized  to  access 
your  vital  data.  No  one  else  offers  this  level  of  hacker-resistant  hardware  and  software 
security  as  a  standard  feature.  So  feel  free  to  go  where  the  mood  takes  you.  We’ll  be  right 

there  beside  you.  think  protection 
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IBM  recommends  Microsoft® 
Windows®  XP  Professional 
for  Business. 

NEW!  IBM  ThinkPad  R40 

Distinctive  IBM  Innovations: 

•  Access  Connections  -  Easiest  wired 
and  wireless  connectivity 

•  IBM  Embedded  Security  Subsystem  2.0'  - 
Strongest  security  as  a  standard  feature 

System  Features: 

•  Intel"  Centrino:M  mobile  technology 

•  Intel  Pentium  M  processor  1 ,40GHz-' 

•  Intel  PRO/Wireless  Network  Connection  802.11b3 

•  Microsoft  Windows  XP  Professional4 

•  14. 1"  XGA  TFT  display  (1024x768) 

•  256MB  DDR  SDRAM 

•  20GB5  hard  drive 

•  Ultrabay™  Plus  CD-RW/DVD-ROM  combo 

•  IBM  UltraNav™  -  TrackPoint  and  touch  pad 

•  1-yr  system/battery  limited  warranty 

*1,279*  M  NavCode  289793U-M588 

Recommended  Option: 

•ServicePac  Service  Upgrade:3 
3-yr  Depot  Repair  #30L91 92  s132 


NEW!  IBM  ThinkPad  T41 

Distinctive  IBM  Innovations: 

•  Access  Connections  -  Easiest  wired 
and  wireless  connectivity 

•  IBM  Embedded  Security  Subsystem  2.0'  - 
Strongest  security  as  a  standard  feature 

System  Features: 

•  Intel  Centrino  mobile  technology 

•  Intel  Pentium  M  processor  1.40GHz'’ 

•  Intel  PRO/Wireless  Network  Connection  802.11b 

•  Microsoft  Windows  XP  Professional 

•  14.1"  XGA  TFT  Display  (1024x768) 

•256MB  DDR  SDRAM 

•  NEW!  40GB  hard  drive  with  IBM  Hard  Drive 
Active  Protection  System 

•  Ultrabay  Slim  CD-RW/DVD-ROM  combo 

•  Only  1  ”  thin”  •  4.5-lb  travel  weight5  . 

•  1-yr  system/battery  limited  warranty 

*1,769*  '  ■'  NavCode  2378DHU-M588 

Recommended  Option: 

•  ServicePac  Service  Upgrade: 

3-yr  Onsite  Repair/9x5/Next  Business. 

Day  Response  #30L91 95  s243 
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“I  still  give  them  an  F,”  says  Russ 
Cooper,  surgeon  general  at  TruSecure 
Corp.  in  Herndon,  Va.  “We  keep  getting 
examples  of  how  nothing’s  changed.” 

But  where  some  see  a  black  cloud, 
others  see  a  brighter  horizon.  Micro¬ 
soft  CEO  Steve  Ballmer  noted  this  fall 
during  keynote  presentations  that 
Windows  Server  2003  had  four  critical 
vulnerabilities  at  the  150-day  mark, 
compared  with  17  for  its  predecessor  at 
the  same  stage.  “It’s  insufficient,  but 
it’s  real  improvement,”  he  says. 

The  total  vulnerability  count  was  32 
for  Windows  2000  and  14  for  Windows 
2003,  according  to  Mike  Nash,  vice 
president  of  Microsoft’s  security  busi¬ 
ness  unit.  Nash  notes  that  certain  vul¬ 
nerabilities  rated  critical  for  some 
products  are  moderate  for  Windows 
Server  2003  because  of  its  more  secure 


We  want 
to  see  at 

least  two  quarters’ 
worth  of  data  [on 
Windows  Server 
2003]  -  and  I  don’t  care 
about  patches.  I  want  to  see 
the  penetration  test  results. 

JEREMY  LEHMAN,  SENIOR  VICE  PRESIDENT, 
THOMSON  FINANCIAL 


default  configuration.  He  adds  that  the 
vulnerability  comparison  to  Windows 
2000  is  fair,  since  there  are  more  peo¬ 
ple  scrutinizing  the  product  than  there 
were  three  years  ago. 

But  Marc  Maiffret,  co-founder  and 
chief  hacking  officer  at  security  services 
vendor  eEye  Digital  Security  Inc.  in  Al- 
iso  Viejo,  Calif.,  doesn’t  view  the  statis¬ 
tics  that  Microsoft  has  put  out  —  or  sta¬ 
tistics  from  any  vendor  —  as  a  credible 
gauge.  He  says  some  vendors  may  ne¬ 
glect  to  mention  that  some  advisories 
address  multiple  vulnerabilities,  or  they 
may  silently  address  a  collection  of 
vulnerabilities  via  a  service  pack.  “I’ve 
never  seen  anyone  do  a  valid  break¬ 
down  on  the  numbers.  Everyone  seems 
to  have  some  type  of  agenda,”  he  says. 

And  Tom  Bittman,  an  analyst  at 
Gartner  Inc.,  says  Windows  2000  Serv¬ 
er  was  a  “monster  release,”  so  it’s  not 
surprising  that  its  vulnerability  count 
was  higher  in  the  first  150  days.  In  con¬ 
trast,  Windows  Server  2003  is  an  incre¬ 
mental  release,  he  says.  “The  billing 
»vas  Trustworthy  Computing,  the  most 
secure  operating  system.  The  impres¬ 


sion  people  took  away  is  we  would  see 
a  dramatic  improvement,”  Bittman 
says.  “This  is  a  battle  they  cannot  win. 
All  they  need  is  one  dangerous  securi¬ 
ty  problem  out  there,  and  it’ll  look  like 
they  haven’t  solved  their  problem.” 

New  Security  Features 

Microsoft  introduced  a  collection  of 
features  and  enhancements  to  help  im¬ 
prove  security  in  Windows  Server 
2003.  Administrators  who  use  public- 
key  infrastructure  services,  for  in¬ 
stance,  will  be  able  to  automatically 
enroll  and  renew  certificates.  They  will 
also  be  able  to  control  access  to  re¬ 
sources  based  on  an  employee’s  role 
and  set  policies  to  prevent  executable 
programs  from  running  on  computers. 

Michael  Stephenson,  a  Windows 
Server  group  product  manager,  says 
another  helpful  new  feature  that 
shipped  with  a  resource  kit,  the  net¬ 
work  access  quarantine  service,  lets 
users  check  the  state  of  computers  ac¬ 
cessing  the  network  and  block  VPN  ac¬ 
cess  if  necessary. 

Yet  no  matter  how  many  security  en¬ 
hancements  the  new  server  operating 
system  has,  early  users  most  frequently 
mention  the  new  default  settings  that 
lock  down  services  that  might  be  vul¬ 
nerable  to  attack. 

Instead  of  knowing  how  to  turn  ser¬ 
vices  off,  IT  shops  now  have  to  learn 
how  to  turn  them  on,  says  Bob  Lam- 
oureux,  chief  architect  at  Thomson  Fi¬ 
nancial.  He  says  the  process  isn’t  diffi¬ 
cult,  although  it  doesn’t  hurt  to  check 
out  the  installation  guides  beforehand. 

Although  some  early  adopters  think 
Microsoft  did  a  good  job  with  the  new 
default  settings,  TruSecure’s  Cooper 
still  doesn’t  think  enough  services  are 
turned  off.  Internet  Explorer,  for  in¬ 
stance,  is  enabled  at  a  high  security 
level  in  Windows  Server  2003  for  serv¬ 
er  administration  purposes, 
but  Cooper  questions  why 
the  Web  browser  is  enabled 
at  all.  “I  need  to  know  that  I 
don’t  need  to  reboot  my 
mission-critical  server  be¬ 
cause  of  the  latest  IE  cumu¬ 
lative  update,”  he  says. 

Other  features  that  Cooper  thinks 
should  not  be  on  the  box  include  Out¬ 
look  Express,  Media  Player  and  Re¬ 
mote  Assistance  —  “just  all  these  tools 
that  are  unnecessary  for  a  server  and 
have  been  exploited  in  the  past.” 

Cooper  says  he  conducted  a  study  at 
the  end  of  July  and  found  that  almost 
every  vulnerability  affecting  Windows 
2000  Server  also  affects  Windows 
Server  2003.  “This  certainly  doesn’t 
bode  well  for  all  the  extra  work  Micro¬ 


soft  claims  to  have  put  into  the  code 
base,”  he  says. 

Gartner’s  Bittman  says  he  thinks  Mi¬ 
crosoft  will  eventually  have  to  consid¬ 
er  a  complete  Windows  code  rewrite. 
“It’s  a  lot  easier  to  design  secure  code 
from  Square  1  than  it  is  to  go  back  and 
find  possible  holes,”  he  says. 

It  has  certainly  been  a  source  of  frus¬ 
tration  for  Microsoft  to  learn  of  bugs 
that  date  back  to  Windows  NT  4.0. 
Steve  Lipner,  directory  of  security  en¬ 
gineering  strategy  at  Microsoft,  says 
the  company  is,  in  come  cases,  finding 
new  vulnerabilities  in  old  code,  includ¬ 
ing  new  patterns  of  buffer  overruns. 

Lipner  says  Microsoft  does  a  post¬ 
mortem  to  determine  the  cause  of 
every  vulnerability,  trying  to  find  out  if 
it  occurred  because  of  a  process  error, 
a  technology  problem  or  a  program¬ 
mer’s  mistake.  “Then  we’ll  respond  ap¬ 
propriately  to  try  to  update  what  we 
do  and  how  we  do  it  to  make  sure  that 
our  customers  don’t  suffer  through  the 
cost  of  that  problem  again,”  he  says. 

But  some  users  are  growing  frustrat¬ 
ed.  David  Bryant,  senior  information 
security  engineer  at  St.  Petersburg, 
Fla.-based  Raymond  James  Financial 
Inc.,  which  has  migrated  about  25  of  its 
500  Windows  servers  to  the  new  oper¬ 
ating  system,  says  he’s  concerned  that 
the  buffer  overflow  problems  of  prior 
Windows  versions  affect  the  latest  iter¬ 
ation  as  well.  He  says  he  fears  that  Mi¬ 
crosoft  may  be  depending  on  users  de¬ 
ploying  Firewall  technologies  to  secure 
its  software,  rather  than  focusing  on 
writing  secure  code. 

“I’m  disappointed  that  it  appears 
that  Server  2003  will  again  be  an  OS 
that  I  can  count  on  for  several  critical 
patches  every  month,”  he  says. 

Maiffret  at  eEye  says  it  will  take  an¬ 
other  six  months  to  determine  whether 
the  vulnerabilities  that  have  surfaced 
are  flukes  or  signs  of  more  to 
come  in  Windows  Server 
2003.  But  the  early  appear¬ 
ance  of  default  remote  sys¬ 
tem  vulnerabilities  —  “the 
most  severe  type  of  vulnera¬ 
bility  you  can  have  in  a  Win¬ 
dows  operating  system”  —  has  led  him 
to  conclude  that  Windows  Server  2003 
is  not  substantially  improved  security- 
wise  and  that  companies  with  large 
Windows  2000  Server  installations  will 
find  no  cost  justification  to  migrate. 

Users  of  Windows  NT  4.0  will  be 
more  compelled  to  move,  although  se¬ 
curity  may  not  be  the  driving  factor. 
Steve  Yeager,  vice  president  of  infor¬ 
mation  systems  at  WestAmerica  Mort¬ 
gage  Co.  in  Oakbrook  Terrace,  Ill.,  says 
his  company  was  in  growth  mode  and 
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BigTumoff 

To  reduce  the  attack  surface  area, 
Microsoft  turned  off  some  of  the  ser¬ 
vices  in  Windows  Server  2003.  Here 
are  some  of  the  more  prominent  fea¬ 
tures  that  are  disabled  by  default: 

■  Alerter 

■  Distributed  Link  Tracking  Server 

■  Indexing  Service 

■  Internet  Information  Server 

■  Internet  Connection  Firewall 

■  Messenger 

■  .Net  Framework  Support  Service 

■  NetMeeting  Remote 
Desktop  Sharing 

■  Remote  Access  Auto 
Connection  Manager 

■  System  Event  Notification 

■  Task  Scheduler 

■  Telnet 

■  Terminal  Services  Session  Directory 
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needed  to  upgrade  its  aging  NT 
servers.  The  new  security  features 
were  simply  a  “side  benefit,”  he  says. 

Gartner  analyst  John  Pescatore 
views  Windows  Server  2003  as  a  major 
leap  forward,  and  he  estimates  that,  in 
the  long  run,  it  will  have  fewer  critical 
security  flaws  than  Windows  2000.  He 
notes  that  Gartner  originally  advised 
clients  to  wait  18  months  to  deploy  the 
new  operating  system  but  has  now  re¬ 
duced  that  by  six  months. 

Some  organizations  may  want  to 
wait  for  security  improvements  that 
are  on  the  way.  Ballmer  recently  out¬ 
lined  new  technologies  that  will  help 
to  lock  the  memory  so  worms  and  ex¬ 
ploits  can’t  write  into  “bad  pieces  of 
memory  after  a  buffer  overrun  prob¬ 
lem.”  New  perimeter  inspection  tech¬ 
nologies  and  role-based  security  con¬ 
figurations  are  due  in  the  second  half 
of  next  year  with  the  first  service  pack 
for  Windows  Server  2003. 

“Microsoft  has  made  some  signifi¬ 
cant  advances  in  the  security  of  Server 
2003,”  says  Bryant,  “but  it  still  needs 
more  work.”  ©  42985 


Computerworld’s  Jaikumar  Vijayan 
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We  see  management  a 
little  differently  from  the 
rest  of  the  crowd. 


At  NetlQ,  we  don't  see  a  problem.  Only  solutions. 

Managing  your  Windows  server  environment  is  easier 
than  ever  with  Microsoft  Operations  Manager.  And, 
as  a  key  Microsoft  partner,  NetlQ  extends  Microsoft 
Operations  Manager  to  manage  and  secure  your 
entire  enterprise,  whether  you're  driving  UNIX, 
NetWare,  Linux,  Windows. ..or  all  of  them.  NetlQ. 
We're  the  management  people.  And  nobody  does 
management  smarter.  Nobody. 


CIO  eBook!  Get  your  free  copy  of  From  Chaos  to  Control: 
The  CIO's  Executive  Guide  to  Managing  and  Securing 
the  Enterprise,  www.netiq.com/manageability 
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The  idea  of  trucking  records  to  a  hidden,  blastproof 
underground  storage  facility  sounds  so  very  1950s, 
but  increased  regulation  and  electronic  delivery 
systems  have  stoked  the  demand  for  Iron  Mountain’s 
off-site  archiving  services. 
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The  drive  from  the 

Pittsburgh  airport  to  the 
secret  underground  fa¬ 
cility  winds  through 
rolling  Pennsylvania 
farmlands  and  woods, 
past  quaint  old  churches 
and  through  tiny  towns 
that  time  has  overlooked.  The  access 
road  to  the  site  is  unmarked,  but  writ¬ 
ten  directions  say  to  turn  left  just  after 
a  certain  picnic  shelter. 

A  guard  stops  the  car  and  searches 
it.  Satisfied  that  the  visitors  don’t  have 
weapons,  cameras  or  tape  recorders, 
he  advises  driving  forward  to  the  next 
checkpoint  and  honking  the  horn. 
There,  at  the  mouth  of  an  old  lime¬ 
stone  mine,  a  massive  metal  gate 
grinds  open,  admitting  the  car  to  an 
underground  guard  post  for  more 
searches  and  interrogations. 

Just  when  it  seems  that  every  con¬ 
ceivable  security  measure  has  been  at¬ 
tended  to,  a  guard  hands  the  visitors  a 
fire  extinguisher  and  says  it  must  be 
carried  in  their  vehicle  wherever  it 
might  travel  in  the  20  miles  of  tunnels 
that  run  through  the  mine. 

One  might  reasonably  assume  that 
this  records-storage  facility,  owned  by 
Boston-based  Iron  Mountain  Inc.,  is 
just  miles  of  tape  racks  and  filing  cabi¬ 
nets.  It  is  that,  but  it  also  houses  a  130- 
acre  underground  city,  where  1,900 
people  work  for  110  companies  and 


government  agencies.  It  has  its  own 
data  center,  bus  service,  fire  depart¬ 
ment  and  power  plant,  as  well  as  a 
water  system  with  a  five-acre  under¬ 
ground  reservoir. 

The  facility  is  a  vast  catacomb  200 
feet  below  the  surface,  where  electric 
golf  carts  scurry  among  mostly  un¬ 
marked  rooms  and  vaults  with  cli¬ 
mates  tailored  for  the  treasures  they 
house  —  paper  documents,  digital 
magnetic  media,  microfilm,  video  and 
audio  tapes,  photographs,  original 
prints  of  Hollywood  films,  human  tis- 
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sue  samples  and  things  Iron  Mountain 
won’t  tell  you  about.  The  exact  loca¬ 
tion  of  this,  the  largest  underground 
storage  facility  in  the  world,  is  re¬ 
vealed  only  on  a  need-to-know  basis. 

Digging  at  the  mine  began  in  1902. 

It  produced  limestone  for  U.S.  Steel 
Corp.’s  nearby  mills  until  it  was  aban¬ 


doned  in  1950.  Four  years  later,  a  com¬ 
pany  Iron  Mountain  later  acquired  con¬ 
verted  it  into  an  atomic  bomb  shelter 
for  customers’  vital  records  and,  if  nec¬ 
essary,  customers’  executives. 

Over  the  ensuing  decades,  Holly¬ 
wood  studios  sent  their  precious  origi¬ 
nal  films  there  for  long-term  storage, 
federal  agencies  sent  sensitive  records 
and  the  people  who  created  them  there 
for  secrecy  and  safety,  and  corpora¬ 
tions  sent  their  vital  paper  records 
there  for  archiving.  Not  much  changed 
over  those  years. 
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Paper  records  and  magnetic  media  no  longer  have  to  be  trucked  into 
Iron  Mountain's  underground  facility.  Now,  digital  archives  can  be 
sent  and  retrieved  electronically. 


Customer  site 


alio 

m 


E-commerce 


iron  Mountain 
facility 


Archive 


Storage 


Iron  Mountain  data  center 


New  Rules 

Then  came  the  scandals  on  Wall  Street 
—  at  Enron,  Arthur  Andersen,  World¬ 
Com  and  dozens  of  other  companies. 
Congress,  the  U.S.  Securities  and  Ex¬ 
change  Commission  and  the  stock 
exchanges  reacted  with  a  raft  of  new 
record-keeping  and  archiving  rules 
and  regulations,  while  employees, 
shareholders  and  customers  unleashed 
a  torrent  of  litigation. 

Even  in  situations  where  no  legal  re¬ 
quirement  for  archiving  exists,  judges 
in  corporate  governance  lawsuits  are 
demanding  backup  files  of  electronic 
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RECORDS  MAWUSEMEHT: 

A  NE6LECTED  DISCIPLINE 


TRADITIONALLY,  organizations  have  thought 
of  records  management  as  the  cataloging  and 
storage  of  inactive  paper  records.  They  may 
have  document  management  systems,  where 
the  emphasis  is  on  author  collaboration,  docu¬ 
ment  creation  and  publishing.  But  the  fine 
points  of  archiving  methods,  retention  sched¬ 
ules,  physical  storage,  security,  retrieval  meth¬ 
ods  and  so  on  are  often  neglected  or  handled 
on  an  ad  hoc  basis. 

Issues  surrounding  the  retention  of  elec¬ 
tronic  messages,  which  companies  typically 
haven’t  considered  archivable  records,  can  be 
especially  troublesome. 

It's  difficult  and  expensive  to  selectively  re¬ 
trieve  e-mails  from  tapes  because  the  files 
aren’t  indexed,  says  Margaret  Rimmler,  a  vice 
president  at  records-storage  company  Iron 
Mountain.  And  it’s  dangerous  to  keep  too  much 
information.  “So  a  company  has  five  years  of 
backup  tapes,  and . . .  they  think  they  have  this 
great  records  management  program.  But  you 
know  what?  Those  backup  tapes  are  still  dis¬ 
coverable,  and  they  have  everything  on  them,” 
she  says.  Keep  records  management  and  dis¬ 
aster  recovery  separate,  Rimmler  advises.  “You 
set  up  your  good  records  management  pro¬ 
gram  for  e-records,  then  you  set  up  your  back¬ 
up  tape  rotation  to  be  just  for  disaster  recovery. 
Don't  let  the  tapes  just  hang  around  like  a  lot  of 
IT  people  do;  put  them  on  a  30-day  rotation." 

Commercial  ERP  and  CRM  systems  typically 
don’t  have  records  management  and  archiving 
capabilities  that  meet  regulatory  requirements, 


Rimmler  says.  Until  they  do,  she  says,  users  will 
need  add-on  products  such  as  IBM’s  Content 
Manager  and  Records  Manager,  FileNet 
Corp.’s  Records  Manager  or  Records  Manager 
from  the  Documentum  Inc.  unit  of  EMC  Corp. 

Many  of  the  pitfalls  associated  with  digital 
records  management  and  archiving  can  be 
avoided  by  outsourcing  the  job  to  companies 
such  as  Iron  Mountain,  Recall  Corp.  or  Zantaz 
Inc.,  says  Patrick  Gordon,  a  principal  consul¬ 
tant  at  Compliant  Systems  Consulting  LLC  in 
Medfield,  Mass.  “The  benefit  is  there's  a  whole 
infrastructure  you  don't  have  to  deal  with,”  he 
says.  But,  Gordon  warns,  “you  still  have  fiducia¬ 
ry  responsibility  for  that  information.  You . . . 
are  giving  up  some  control  and  taking  on  an¬ 
other  level  of  risk  when  you  outsource." 

Deciding  what  to  save  is  complicated  by  the 
fact  that  any  given  file,  such  as  a  word  process¬ 
ing  document,  usually  exists  in  six  or  seven 
places  in  a  company’s  IT  systems,  says  Alan 
Pelz-Sharpe,  an  analyst  at  Ovum.  Moreover, 
companies  lack  the  tools  -  and  sometimes 
the  will  -  to  classify  files  as  official  business 
records  to  be  archived  or  “garbage”  that  should 
be  deleted  as  soon  as  possible. 

But  the  biggest  records  management  chal¬ 
lenge  of  all,  according  to  Pelz-Sharpe,  is  this; 
“Nobody  wants  to  do  that  work.  It’s  boring,  and 
there’s  no  ROI.  You  have  CIOs  and  CFOs  say¬ 
ing,  ’Well,  I  guess  we  have  to  do  this  because 
it’s  the  law,’  but  there’s  absolutely  no  enthu¬ 
siasm  for  it.” 

-  Gary  H.  Anthes 


records,  most  notably  e-mail  messages. 
Companies  that  can’t  produce  them 
often  settle  the  suits  on  unfavorable 
terms  and  sometimes  pay  stiff  fines. 

In  response  to  the  resulting  surge  in 
demand  for  safe  and  secure  digital 
records  storage,  Iron  Mountain  earlier 
this  year  opened  a  5,000-sq.-ft.  data 
center  inside  its  secret  underground 
facility.  The  data  center  includes  24TB 
of  storage  capacity  and  the  equivalent 
of  1,586  T1  communication  lines  con¬ 
necting  it  to  the  world  above. 

The  $1.5  billion  company  also  rolled 
out  a  digital  records  archiving  service 
that  customers  can  use  to  send  the 
Pennsylvania  facility  document  scans, 
e-mail  and  instant  messages,  financial 
records,  Web  content,  images  and 
anything  else  that  can  be  put  into 
digital  form. 

So  what  was  first  a  limestone  mine 
and  then  a  facility  where  companies 
shipped  paper  records  and  magnetic 
media  to  protect  them  from  atomic 
blasts  has  been  transformed  once 
again,  this  time  into  a  place  where 
companies  can  send  and  retrieve  their 
digital  archives  over  private  WAN 
links  or  through  the  Internet,  bypass¬ 
ing  the  guards  and  the  big  steel  gate. 

An  IT  vice  president  at  a  large  New 
York  brokerage,  who  asked  not  to  be 
named,  says  his  company  sends  Iron 
Mountain  some  2  million  e-mails  and 
instant  messages  per  week.  The  mes¬ 


sages  flow  continuously  over  two  dedi¬ 
cated  lines  —  one  to  a  data  center  in 
Boston,  the  other  to  the  Pennsylvania 
facility.  The  company  has  also  set  up 
an  encrypted  virtual  private  network 
(VPN)  over  the  Internet  as  an  emer¬ 
gency  backup  channel. 

The  IT  manager  says  Iron  Mountain 
writes  two  copies  of  the  brokerage’s 
message  traffic  to  nonerasable  WORM 
(write  once,  read  many)  media,  in  ac¬ 
cordance  with  a  new  SEC  requirement. 
He  says  outsourcing  the  job  met  the 
company’s  four  goals:  fast  implementa¬ 
tion,  distributed  user  access  to  ar¬ 
chived  messages,  good  audit  trails  on 
user  access  and  compliance  with  fed¬ 
eral  regulations. 

Outsourcing  message  archiving  was 
also  attractive  because  it  would  have 
been  too  time-consuming  and  expen¬ 
sive  to  set  up  the  WORM  infrastruc¬ 
ture  in-house  and  provide  two  separate 
physical  facilities  for  media  storage, 
the  manager  says. 

But  he  acknowledges  that  the 
arrangement  carries  with  it  some  wor¬ 
ries.  “You  are  entrusting  very  sensitive 
data  to  an  external  vendor,  so  that’s  al¬ 
ways  a  concern,”  he  says. 

Digital  records  archiving  is  a  logical 
function  to  outsource,  says  Alan  Pelz- 
Sharpe,  an  analyst  at  the  Boston  office 
of  Ovum  Inc.,  an  IT  research  firm.  But 
even  a  company  that  specializes  in 
archiving  and  uses  state-of-the-art 


technology  can’t  address  problems 
that  occur  before  records  can  be  cap¬ 
tured  by  a  records  management  sys¬ 
tem.  “Typically,  the  business  processes 
are  not  in  place,  and  some  of  the  data 
is  in  paper,  some  is  electronic,  some  is 
in  attachments  to  e-mail,  and  guess 
what?  They  have  no  idea  which  is 
which  and  where  it  is,”  he  says. 

The  Digital  Archive 

In  Iron  Mountain’s  system,  a  front-end 
processor  running  at  its  data  center 
takes  incoming  records  and  applies 
customer-supplied  business  rules  that 
specify  retention  periods,  adds  tags  to 
aid  in  information  auditing  and  re¬ 
trieval,  applies  digital  fingerprints  and 
provides  other  records  management 
and  security  functions.  It  writes  the 
records  to  disk  and  later  to  tape,  while 
creating  a  searchable  index  that’s  ac¬ 
cessible  by  the  customer  via  a  Web 
browser  (see  diagram).  Destruction  of 
records  can  occur  automatically,  based 
on  customer-supplied  rules,  or  by  cus¬ 
tomer  command. 


The  Digital  Archive  service,  which 
costs  about  $12  per  month  per  giga¬ 
byte,  is  a  remote  records  management 
system  that  applies  file-level  logic  and 
accessibility  to  information  for  compli¬ 
ance  and  other  purposes.  Iron  Moun¬ 
tain  offers  a  remote  service  called 
Electronic  Vaulting  for  off-site  bulk 
data  protection  for  disaster  recovery. 

For  whatever  purpose  —  disaster 
recovery,  legal  compliance  or  simply 
preserving  corporate  history  —  Iron 
Mountain’s  old  mine  will  receive  more 
and  more  of  its  inventory  electronical¬ 
ly,  says  the  IT  vice  president  at  the 
New  York  brokerage.  His  firm  is  likely 
to  move  in  that  direction  as  it  begins  to 
bypass  paper  entirely.  “Records  will  be 
digital  to  start  with,”  the  IT  manager 
says.  “It  will  be  a  natural  progression 
over  time.”  O  43003 

THENEWRULESOFSTORAGE 

Laws  such  as  HIPAA  and  the  Sarbanes-Oxley  Act  are 
forcing  IT  managers  to  re-examine  their  storage 
infrastructures: 
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IlieNew 

Internet 

Researchers  are  building 
a  new  Net,  one  layer  at  a 
time.  By  Lucas  Mearian 


Researchers  develop¬ 
ing  the  next  incarna¬ 
tion  of  the  Internet 
say  it  will  be  faster, 
more  reliable  and  more  se¬ 
cure.  Moreover,  it  will  be  self- 
aware  and  able  to  determine 
the  best  way  to  deliver  data 
and  services. 

The  most  prominent  next- 
generation  Internet  project  is 
PlanetLab,  a  research  testbed 
that’s  been  in  existence  for 
about  a  year  and  a  half. 

It  consists  of  160 
servers  hosted  at  65 
sites  in  16  countries. 

The  goal  is  for  Planet- 
Lab  to  grow  to  1,000  widely 
distributed  server  nodes  that 
connect  into  the  majority  of 
the  current  Internet’s  regional 
and  long-haul  backbones. 

“It’s  a  playground  for  new 
services.  Depending  on  which 
service  you’re  most  excited 
about,  that’s  what  PlanetLab 
will  look  like,”  says  Frans 
Kaashoek,  a  professor  of  com¬ 
puter  science  and  engineering 
at  MIT,  a  PlanetLab  developer. 

Kaashoek  and  other  scien¬ 
tists  are  developing  architec¬ 
tures  that  will  automatically 
distribute  data  to  multiple 
points  around  the  globe  in  or¬ 
der  to  speed  delivery  and  will 
have  multiple  network  paths 
to  ensure  that  data  gets  to  its 
destination.  The  network  will 
read  data  requests  and  direct 
them  to  the  servers  closest  to 
the  point  of  origination  to  ful¬ 
fill  the  requests. 

The  challenge  for  scientists 
is  to  put  intelligence  into  the 


network  itself  so  it  can  under¬ 
stand  the  information  that’s 
being  transported  across  thou¬ 
sands  of  servers  and  millions 
of  miles  of  cable. 

PlanetLab,  which  is  up  and 
running  for  the  research  com¬ 
munity,  is  a  joint  project  being 
led  by  Intel  Corp.  and  about  70 
university  scientists  around 
the  world. 

Just  as  the  Internet  was  an 
overlay  network  on  top  of  the 
telephone  network, 
PlanetLab  provides 
for  an  additional  layer 
on  top  of  the  Internet. 
In  turn,  services  such 
as  streaming  media,  peer-to- 
peer  file  sharing  and  video- 
conferencing  will  be  layered 
on  top  of  PlanetLab. 

One  network  layer  atop 
PlanetLab  is  IRIS,  or  the  Infra¬ 
structure  for  Resilient  Inter¬ 
net  Systems.  IRIS  promises  to 
speed  up  searches  and  infor¬ 


mation  transfers  by  using  a 
self-organizing,  peer-to-peer 
overlay  network  to  position 
data  closer  to  end  users  and 
thwart  denial-of-service  at¬ 
tacks  by  balancing  loads 
among  Web  servers. 

John  Kubiatowicz,  an  asso¬ 
ciate  professor  at  the  Univer¬ 
sity  of  California,  Berkeley, 
says  IRIS  is  a  radical  depar¬ 
ture  from  the  client/server 
model  and  application-specif¬ 
ic  environment  of  today’s  In¬ 
ternet  because  of  its  ability  to 
spread  data  and  rebuild  it  us¬ 
ing  sophisticated  algorithms. 

Kubiatowicz  is  also  working 
on  another  layer  to  ride  on  top 
of  PlanetLab,  called  Ocean- 
Store,  which  is  a  utility-type 
service  for  storing  data  across 
millions  of  servers. 

Backup  Plan 

In  OceanStore,  Internet  ser¬ 
vice  providers  and  others 
would  be  paid  to  act  as  reposi¬ 
tories  for  the  world’s  informa¬ 
tion,  which  would  be  kept  as 
multiple  copies,  protected  by 
encryption  and  automatically 
rebuilt  should  any  single  stor¬ 
age  point  fail. 

“If  you  think  about  the  clas¬ 
sic  problem  with  archival  stor¬ 
age,  data  resides  on  tape  in 
some  basement,  and  10  years 
later  you  can’t  read  the  tape,” 
Kubiatowicz  says. 

“The  only  way  data  can  be 
preserved  over  the  long  haul  is 
if  it’s  separated  from  the  physi¬ 
cal  media  it’s  originally  stored 
on.  That  means  the  places 
where  it  is  stored  must  change 
over  time,”  he  explains. 

OceanStore’s  software  does 


that  by  breaking  data  into 
many  tiny,  encrypted  parts 
and  moving  them  across  a  vast 
array  of  Web  servers  that  can 
be  driven  by  policy  engines  to 
resave  or  move  data  to  differ¬ 
ent  formats  over  time. 

“You’d  pay  a  monthly  fee  to 
a  company  to  provide  a  stor¬ 
age  service,  and  in  turn,  that 
data  would  be  kept  secure  for 
hundreds  of  years,  protected 
via  encryption,  and  it  could  be 
accessed  from  anywhere  in 
the  world  quickly  because  it 
would  be  cached  locally,”  Ku¬ 
biatowicz  says.  “Basically, 
you’d  be  able  to  plug  into  the 
wall  and  get  storage.” 

Kubiatowicz  says  compa¬ 
nies  could  use  OceanStore 
for  routing  data  in-house  to 
servers  across  their  entire  in¬ 
frastructures  for  greater  re¬ 
dundancy  and  resiliency. 

Netbait  is  another  layer 
running  on  the  PlanetLab  test¬ 
bed.  Like  a  doctor  tracking  a 
new  virus  in  the  body  in  order 
to  discover  how  to  fight  it, 
Netbait  will  be  able  to  track 
worms  and  viruses  as  they 
appear  and  watch  how  they 
propagate,  developing  pro¬ 
files  to  help  stop  them  in  their 
tracks. 

“It’ll  look  at  the  way  [a 
virus]  is  trying  to  penetrate  a 
Web  site.  That  would  allow 
you  to  have  an  early  warning 
of  worm  or  virus  behavior,  al¬ 
lowing  for  faster  diagnostic 
analysis  and  the  ability  to  warn 
people  about  how  to  protect 
themselves  from  it,”  says  Kevin 
Teixeira,  a  spokesman  in  In¬ 
tel’s  research  division. 

While  scientists  are  cur- 


Plan  -  s  . 

Repair-oriented  computing: 

Software  that  enables  Web 
servers  and  routers  to  repair 
themselves. 

CoDeeM:  A  content  distribu¬ 
tion  network  that  automatic¬ 
ally  spreads  data  across  the 
Internet. 

A  programmable 
network  measurement  ser¬ 
vice. 

A  worm  detection  and 
tracking  service. 

Ocea?  A  storage  utility 
that  stores  multiple  copies  of 
documents  across  millions  of 
Internet  servers. 

A  self-organizing,  peer- 
to-peer  overlay  network  to  po¬ 
sition  data  closer  to  end  users. 


rently  using  PlanetLab  to  dis¬ 
seminate  research  informa¬ 
tion,  one  of  the  most  promis¬ 
ing  aspects  of  the  network  for 
everyday  users  is  its  ability  to 
provide  multiple  copies  of 
data  or  video  on  servers 
throughout  the  world,  closer 
to  those  requesting  it. 

“There  are  more  servers 
and  more  clever  algorithms 
that  know  how  to  send  data  to 
the  closest  computer  and 
cache  it  there,”  Kaashoek  says. 

The  new  Internet  will  un¬ 
fold  over  many  years,  he  says. 

“Just  as  the  telephone  [net¬ 
work]  emerged,  this  overlay  of 
intelligent  networks  will  grow 
and  populate,  and  there’ll  be 
certain  versions  of  it  that  peo¬ 
ple  will  eventually  standardize 
on,”  Kaashoek  says.  “In  an 
evolutionary  way,  the  Internet 
will  upgrade  itself  over  time.” 
©  43089 
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FUTURE 

WATCH 


YOUR  NEXT-GENERATION  NETWORK 
COULD  BE  JUST  A  SWITCH  AWAY 


More  and  more  of  your  desktops,  notebooks  and  servers  are  equipped  with  Gigabit  Ethernet— but  are  your  switches  also  ready  for  the 
increased  demands  of  real-time  business?  Broadcom’s  highly  integrated  Gigabit  technology  is  designed  to  speed  the  cost-effective 
migration  from  Fast  Ethernet  to  Gigabit  Ethernet,  end  to  end.  That’s  why  the  top  5  switch  manufacturers  turn  to  Broadcom  when  they  need 
high-performance,  field-proven  Gigabit  Ethernet  chips1  with  advanced  features  like  the  industry’s  only  built-in,  real-time  cable 
diagnostics  and  correction.  So  whether  you’re  upgrading  your  entire  enterprise,  your  remote  offices  or  just  select  departments,  Broadcom® 
technology  inside  your  switches  gives  you  what  you  need  to  complete  your  next-generation  network— today. 


To  have  a  true  next-generation  network,  you  need  to  have  Gigabit 
Ethernet  throughout  your  network,  end  to  end.  When  it’s  time  to 
upgrade  your  switches,  look  for  Broadcom*  technology  to  help  you 
create  that  hassle-free  network.  Register  for  our  new  webcast. 
"Network  Infrastructure  for  the  Next-Generation  Real-Time  Enterprise." 
now  at  www.computerworld.gobroadcom.com/webcast 


Broad co m£\  the  pulse  logo,  Connecting  everything®  and  the  Connecting  everything 
logo  are  trademarks  of  Broadcom  Corporation  and/or  its  subsidiaries  in  the  U ruled 
States  and  certain  other  countries.  All  other  trademarks  are  the  property  of  their 
respective  owners 


*  Source:  IOC.  Network  Qview.  August.  ?003 
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Dell  has  a  customized  IT  solution  for  your  business,  no  matter  what  business  you're  in,  or  what  size  it  is.  From  PowerEdge” 

servers  featuring  Intel®  Xeorf  processors  to  network  support  products  like  PowerVault”  storage  and  PowerConnect”  switches,  Dell  offers 
flexible,  high-performance  industry-standard  technologies  and  software  solutions  that  are  just  right  for  your  particular  business  needs. 
And  well  help  you  every  step  along  the  way.  Whether  it's  planning  and  design,  testing  and  validation,  systems  management,  or  our 
award-winning  24x7  service  and  support,  Dell  will  help  you  create  an  IT  infrastructure  that's  easy  to  choose,  deploy  and  manage.  So 
make  life  easy  on  yourself  and  get  a  big  advantage  over  your  competition — with  a  unique  IT  solution  from  Dell. 

PC  Magazine  Editors'  Choice  Award 

PowerEdge  1750 
— October  28, 2003 


I. 


Call:  M  F  7a-8p  Sat  8a  5p.  CT 

I  -'-i'.:.  pecmcalions.  availability  and  terms  of  offer  may  change  without  notice.  Taxes  and  shipping  charges  extra,  and  vary  and  not  subject  to  discounts.  U.S.  Dell  Small  Business  new  purchases  only.  Dell  cannot  be  held  responsible  for  errors  in  typography  or  photography  ‘This  device  has  not  been  approved 
h>  the  ‘  .-deal  Communications  Commission  for  use  in  a  residential  environment.  This  device  is  not.  and  may  not  be.  offered  for  sale  or  lease,  or  sold  or  leased  for  use  in  a  residential  environment  until  the  approval  of  the  FCC  has  been  obtained.  ’Service  may  be  provided  by  third  party'  Technician  will  be  dispatched 
following  phone -based  troubleshooting.  Subject  to  parts  availability,  geographical  restrictions  and  terms  of  service  contract.  Service  timing  dependent  upon  time  of  day  call  placed  to  Dell.  U.S.  only.  ’DDR  333  memory  runs  at  320MHz  when  used  with  800MHz  FSB  processors.  "Monthly  payment  based  on  pre-rebate 
Pf:i  ~  for  48-month  60  Days  Same  As  Cash-Quickloan  with  46  payments  at  9  99%  interest  rate.  Vour  interest  rate  and  monthly  payment  may  be  same  or  higher,  depending  on  your  creditworthiness.  If  you  do  not  pay  the  balance  within  60  days  of  the  QuickLoan  Commencement  Date  (which  is  five  days  after  product 
snips)  interest  will  accrue  during  those  first  60  days  and  a  documentation  fee  may  apply  OFFER  VARIES  BY  CREDITWORTHINESS  OF  CUSTOMER  AS  DETERMINED  BY  LENDER.  Minimum  transaction  size  of  $500  required  Maximum  aggregate  financed  amount  for  the  paperless  acceptance  not  to  exceed  $25,000 


File&Print  Servers 


Reliable  servers  that  make 
managing  your  network  easy. 


/VfWPOWEREDGE v  400SC  SERVER 


Small  Business  Value  Server 

•  Intel*  Celeron*  Processor  at  2GHz 

•  Upgradable  to  Intel®  Pentium®  4  Processor  at  3.20GHz 
with  800MHz  Front  Side  Bus" 

•  128MB  333MHz  ECC  DDR  SDRAM  (Up  to  4GB] 

•  40GB  (7200  RPM|  IDE  Hard  Drive 

•  Upgradable  to  240GB  of  Internal  Hard  Drive  Storage 

•  Embedded  Intel®  PRO  Gigabit50  NIC 

•  1-Yr  24*7  Dedicated  Server  Phone  Tech  Support 

•  1-Yr  Next  Business  Day  On-Site  Service3 

•  Small  Business  Pricing 


POWEREDGE™  650*  RACK  SERVER 


1U  Value  Rack  Server 

•  Intel®  Pentium®  4  Processor  at  2.40GHz 

•  Upgradable  to  Intel®  Pentium®  4  Processor  at  3.06GHz 

•  256MB  266MHz  ECC  DDR  SDRAM 

•  Upgradable  to  4GB  of  SDRAM 

•  40GB  (7200  RPM)  IDE  Hard  Drive 

•  Upgradable  to  240GB  of  Internal  Hard  Drive  Storage 

•  ATA 100  IDE  RAID  Controller  Available 

•  Intel®  PRO  Gigabit5"  NIC 

•  3-Yr  Next  Business  Day  On-Site  Service3 

•  Small  Business  Pricing 


$399 


E-VALUE  Code:  20259-  S21203g 


$1199 


as  low  as  $33/mo„  (46  pmts.30] 

E-VALUE  Code:  20259- S21211g 


Database&Web  Server  solutions  to  manage 
Hosting  Servers  diverse  networks 


POWEREDGE"  2600  TOWER  SERVER 


Multi-Use  Tower  Server 

•  Intel®  Xeon*  Processor  at  2.40GHz 

•  Dual  Intel®  Xeon'  Processor  Capable  (Up  to  3.20GHz) 

•  512MB  266MHz  ECC  DDR  SDRAM 

•  Upgradable  to  6GB  of  SDRAM 

•  36GB  (10K  RPM)  Ultra320  SCSI  Hot-Swap  Hard  Drive 

•  Active  ID  Bezel  for  Monitoring  System  Health 

•  3-Yr  Next  Business  Day  On-Site  Service3 

•  Small  Business  Pricing 

Q  as  low  as  $49/mo.,  (46  pmts.30) 

|  /  JJ  JJ  E-VALUE  Code:  20259-S21217g 


POWEREDGE  ™  1750*  RACK  SERVER 


Feature-Rich  1U  Rack  Server 

•  Intel®  Xeon“  Processor  at  2.40GHz 

•  Dual  Intel®  Xeon'  Processor  Capable  (Up  to  3.20GHz) 

•  1GB  266MHz  ECC  DDR  SDRAM  (Up  to  8GB) 

•  18GB  (15K  RPM)  Ultra320  SCSI  Hot-Swap  Hard  Drive 

•  Integrated  Dual-Channel  Ultra320  SCSI  Controller 

•  Active  ID  Front  Bezel  for  Monitoring  System  Health 

•  3-Yr  Next  Business  Day  On-Site  Service3 

•  Small  Business  Pricing 

as  'ow  as  555/mo.,  (46  pmts.30) 

E-VALUE  Code:  20259-  S21220g 


Dell  offers  a  wide  range  of  reliable,  award-winning  technology, 
all  delivered  from  a  single  point  of  contact — and  our  expert  sales 
associates  are  there  to  help  you  find  the  technology  that’s  right 
for  your  business. 


After  installation,  Dell  can  help  turn  your  employees  or  IT  staff  into 
experts  on  your  new  technology  through  a  variety  of  training  and 
certification  courses — helping  increase  your  business'  long-term 
productivity. 


Service&Support 


The  support  doesn't  end  at  the  sale.  Dell's  award-winning  service  and 
support  offerings  help  ensure  that  your  new  network  remains  up  and 
running — with  Web,  phone  or  on-site  service3  and  support. 


4-Way  Servers 

Build  a  powerful,  protected  network. 

POWEREDGE™  6600*  TOWER  SERVER 


High-Speed  Mission  Critical  Tower  Server 

•  Intel®  Xeon'  Processor  at  1 ,50GHz 

•  Quad  Intel®  Xeon'  Processor  Capable  (Up  lo  2.80GHz) 

•  512MB  DDR  SDRAM 

•  Up  to  32GB  266MHz  DDR  ECC  SDRAM 

•  Up  to  1752GB  Maximum  Internal  HDD  Storage 

•  Embedded  Ultra  SCSI  Adaptec®  (160MB/s)  Controller 

•  Standard  Hot-Swap  Hard  Drives.  Hot-Swap  Redundant 
Fans  and  Hot-Swap  Redundant  Power  Supplies 

•  10  Hot-Plug  PCI-X  Slots 

starting  at 

$  O  Q  Q  Q  as  low  as  $107/mo„  (46  pmts.30) 

J  E-VALUE  Code:  20259-S21239g 


Storage  Options  I  Network  Switches 

Cost  efficient  file  storage  to  I  Scalable,  high-performance  switches 

enhance  your  network.  ■  to  enhance  your  network. 


DELL™  POWERVAULT"  725N  NAS 


Optimized  File  Storage  Across  the  LAN 

•  Intel®  Celeron®  Processor  at  2GHz 

•  Microsoft®  Windows®  Powered  Network  Attached  Storage 

•  384MB  DDR  SDRAM  (Up  to  3GB) 

•  4x40GB  (160GB)  IDE  Hard  Drives 

•  Up  to  1 TB  of  Internal  Storage  Capacity 

d[  T1  as  low  as  $49/mo„  (46  pints?) 

I  /  E-VALUE  Code:  20259- S21217 


DELL/EMC 


If  you  have  more  than  300GB  of  storage,  visit  www.dell.com/storage4mybiz  for  low 
prices  on  Dell/EMC  storage  arrays. 


POWERCONNECT  “  3324*  SWITCH 


High-Performance  Workgroup  Switch 

•  24  Fast  Ethernet  Ports  plus  2  Gigabit  Uplinks  (2  Copper 
and  2  SFP  Transceiver  Combo  Slots  for  Fiber) 

•  Stacking  Functionality  of  Up  to  192  Ports 

•  Advanced  Network  Management  and  Security  Features 

•  Industry  Standard  CLI  and  Easy-to-Use  Web  Interface 

•  3-Yr  Next  Business  Day  Advanced  Exchange 
Service”  Standard 

Q  /\  ffcffc  as  low  as  $14/mo„  (46  pmts®) 

E-VALUE  Code:  20259-S11204 


Solutions  that  fit.  Easy  as 


DOLL 


Click  www.dell.com/bizsolutions  Call  1-877-776-3355 


toll  free 


If  your  order  exceeds  $25K.  a  Dell  Financial  Services  rep  will  contact  you  to  process  your  documentation.  Taxes,  fees  and  shipping  charges  are  extra  and  may  vary.  Not  valid  on  past  orders  or  financing  QuickLoan  arranged  by  CIT  Bank  to  Small  Business  customers  wirh  approved 
credit  “This  term  indicates  compliance  with  IEEE  standard  802  3ab  for  Gigabit  Ethernet,  and  does  not  connote  actual  operating  speed  of  IGB/sec  For  high  speed  transmission,  connection  to  a  Gigabit  Ethernet  server  and  netwoik  infrastructure  is  required  “Technician,  .'eplacement 
part  or  unit  (depending  on  service  contract)  will  be  dispatched,  it  necessary,  following  phone-based  troubleshooting  in  advance  of  receipt  of  returned  defective  unit.  Service  may  be  provided  by  third-party  provider  Subject  to  parts  availability,  geographical  restrictions  and  terms  of 
service  contract  Service  timing  dependent  upon  time  of  day  call  placed  to  Dell.  Defective  unit  must  be  returned.  Replacements  may  be  refurbished  U  S  only  Dell,  the  stylized  E  logo,  E-Value.  PowerEdge.  PowerConnect  and  PowerVault  are  trademarks  of  Dell  Inc  Intel  Intel  Inside, 
the  Intel  Inside  logo.  Intel  Xeon.  the  Intel  Xeon  logo ,  Pentium  and  Celeron  are  trademarks  or  registered  trademarks  ol  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries  ©2003  Dell  Inc  All  rights  reserved 
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Single  Sign-on 
Effort  FaHs  Short 


With  no  input  from  IT  security,  a  system  is 
adopted  that  leaves  out  some  apps  and 
creates  headaches.  By  Mathias  Thurman 


UST  WHEN  I  THOUGHT 
we  had  solved  one  set  of 
IT  security  problems  by 
getting  the  human  re¬ 
sources  department  to  proper¬ 
ly  train  new  hires,  another  has 
cropped  up  with  our  IT  team 
and  a  new  single  sign-on  sys¬ 
tem  it  has  deployed.  The  sys¬ 
tem  was  designed  without  in¬ 
put  from  the  IT  security  team 
and  at  least  one  other 
department  that  will 
be  affected.  Now 
we’re  dealing  with  the 
issues  after  the  fact. 

The  single  sign-on 
project  addresses  a 
significant  problem. 

There  are  several  ways  for  em¬ 
ployees  to  log  into  different 
parts  of  our  IT  infrastructure, 
and  each  requires  entering  a 
separate  set  of  credentials. 

The  single  sign-on  system 
will  make  life  easier  for  users, 
giving  them  access  to  a  broad 
set  of  applications  and  ser¬ 
vices  with  just  one  user  ID 
and  password. 

The  IT  group  has  been  talk¬ 
ing  about  this  for  some  time, 
but  several  obstacles  have 
kept  the  project  sidelined  until 
now.  The  biggest  was  the  fact 
that  we  bought  Novell  Inc.’s 
eDirectory  directory  services 
and  iChain  identity  manage¬ 
ment  software  to  handle  the 
authentication  of  our  People- 
Soft  system. 

But  we  also  deployed  Win¬ 
dows  2000,  which  uses  Active 
Directory  for  authentication, 
and  our  Exchange  server  uses 
yet  another  directory  struc¬ 
ture. 

Unfortunately,  these  infra¬ 
structures  were  designed  sep¬ 
arately,  with  no  common  vi¬ 
sion,  so  there’s  a  lot  of  dupli¬ 


cation.  To  make  matters 
worse,  none  of  these  directo¬ 
ries  were  mirrored  in  anticipa¬ 
tion  of  a  catastrophe.  Sure,  we 
backed  up  the  data,  but  we 
didn’t  have  another  system  on 
standby  to  take  over  the  au¬ 
thentication  process  in  the 
event  of  a  hardware  failure. 

This  week,  the  IT  group  and 
I  finally  began  migrating  users 
to  a  single  authenti¬ 
cation  system  based 
on  eDirectory  that’s 
fully  mirrored,  clus¬ 
tered  and  load- 
balanced. 

We  mirror  the 
data  to  another  data 
center,  so  in  the  event  of  a  fire, 
malicious  damage  or  other 
event,  the  alternate  data  cen¬ 
ter  will  automatically  begin 
accepting  authentication  re¬ 
quests. 

The  No-Name  Log-in 

This  new  system  makes  log¬ 
ging  in  very  convenient,  ex¬ 
cept  for  one  problem.  Instead 
of  logging  in  with  our  tradi¬ 
tional  usernames  (we  used  a 
naming  convention  that  close¬ 
ly  matches  each  employee’s 
actual  name),  we’re  using 


Identifying  the  users 
requires  matching 
the  IDs  to  the  users’ 
names.  It  will  be  an 
annoyance  and  take 
a  lot  of  time. 
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employee  ID  numbers. 

Personally,  I  didn’t  even  re¬ 
call  that  I  had  an  employee  ID, 
much  less  remember  the  num¬ 
ber  itself.  Until  now,  our  IDs 
had  been  used  only  by  the  HR 
and  finance  departments  for 
personnel  tracking,  so  I  was 
surprised  when  I  received  an 
e-mail  stating  that  I  must  start 
using  mine.  Like  other  em¬ 
ployees,  I  was  given  a  week’s 
advance  notice  and  informed 
that  I  would  also  have  to 
change  my  password. 

The  decision  to  use  our  em¬ 
ployee  ID  numbers  in  this  way 
has  implications  for  the  IT  se¬ 
curity  team.  It  will  end  up  cre¬ 
ating  more  work  for  my  group 
and  some  other  groups,  such 
as  the  IT  help  desk.  Here’s 
why:  In  our  case,  most  of  the 
audit  and  security  software  we 
use  lets  us  view  users  by 
name.  Because  our  log-in 
names  are  based  on  the  users’ 
real  names,  we  can  quickly 
match  the  person  to  the  event 
when  there’s  a  problem. 

With  the  new  system,  all  we 
see  is  a  number.  Identifying 
the  users  requires  the  extra 
step  of  matching  the  IDs  to 
the  users’  names.  Given  the 
frequency  with  which  we’ll 
need  to  do  that,  it  will  be  an 
annoyance  and  take  a  lot  of 
time. 

Neither  the  IT  security 
group  nor  the  IT  help  desk 
was  included  in  the  decision¬ 
making  during  the  design  of 
the  single  sign-on  system.  Had 
we  been  involved,  both  groups 
would  have  voiced  strong  ar¬ 
guments  against  using  em¬ 
ployee  IDs  for  this  purpose. 

While  I  don’t  yet  know  why 
the  decision  was  made,  I 
would  certainly  agree  that 
there  is  a  sense  of  anonymity 
in  using  numbers.  Perhaps 
that  was  the  driving  factor. 

So  far,  the  problem  isn’t  so 
bad,  because  only  a  few  hun¬ 


dred  people  have  been  con¬ 
verted  to  the  new  system.  But 
soon  the  entire  company  will 
be  using  it. 

Not-So-Single  Sign-on 

There’s  another  problem  with 
the  new  system:  It’s  not  inclu¬ 
sive  of  all  our  applications. 

For  example,  our  software 
developers  use  a  content  ver¬ 
sioning  application  that  tracks 
changes  in  software  under 
development.  There  are  also  a 
dozen  or  so  external  develop¬ 
ment  sites,  several  of  which 
are  outside  of  the  U.S.,  that 
use  this  system.  To  configure 
this  application  to  use  single 
sign-on  would  be  a  nightmare. 

Also,  the  sales  department 
uses  CRM  tools.  Since  the  in¬ 
formation  this  system  contains 
is  highly  confidential,  the  IT 
team  decided  not  to  incorpo¬ 
rate  the  sign-on  for  it  in  the 
enterprise  directory. 

Within  the  security  depart¬ 
ment,  we  have  RSA  SecurlD 
servers  configured  to  authen¬ 
ticate  systems  and  network 
administrators  to  resources 
within  the  infrastructure.  It 
would  be  nice  if  we  could  tie 
that  whole  system  into  the  en¬ 
terprise  single  sign-on  appli¬ 
cation,  but  we  would  have  too 
much  to  lose  if  there  was  a  se¬ 
curity  breach. 

We  use  SecurlD  for  access 
to  our  most  critical  systems, 
which  are  responsible  for  our 
revenue  and  corporate  image. 
But  for  now,  we  are  going  to 
keep  all  of  these  specialized 
environments  separate  from 
the  environment  that  caters  to 
the  mass  employee  populace. 

So,  what’s  the  lesson 
learned  here?  It’s  that  even  as 
my  company  and  others  throw 
around  the  term  single  sign-on, 
it’s  rare  that  an  organization  of 
our  size  can  institute  a  true 
single  sign-on  environment 
that  works  for  all  applications 
enterprisewide.  I 

WHAT  DO  YOU  THINK? 

This  week’s  journal  is  written  by  a  real  securi¬ 
ty  manager,  “Mathias  Thurman,"  whose 
name  and  employer  have  been  disguised  for 
obvious  reasons.  Contact  him  at  mathias_ 
thurman@yahoo.com,  or  join  the  discussion 
in  our  forum:  QuickLink  a159Q 

To  find  a  complete  archive  of  our 
Security  Manager's  Journals,  go  online  to 

©  computerworld.com/secjournal 
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The  Best  Damn  Firewall  Book 
Period,  by  Cherie  Amon, 
Thomas  W.  Shinder  and  Anne 
Carasik-Henmi; 

Syngress,  2003 

If  you  do  any  secu¬ 
rity  consulting, 
you’ll  want  to  pick 
up  this  book -and 
you’ll  need  to  use 
both  hands  because 
it  has 1,200-plus 
pages  and  weighs  about  three 
pounds. 

The  Best  Damn  Firewall 
Book  Period  is  an  encyclope¬ 
dic  source  of  information  on 
some  of  the  most  widely  used 
firewalls,  with  extensive  de¬ 
tails  on  Cisco  PIX  and  Check 
Point  firewalls.  The  authors 
provide  so  many  details  that 
you  can  completely  install, 
configure  and  go  live  with  one 
of  those  brands  without  using 
any  other  documentation.  One 
caveat:  The  book  covers  only 
newer  versions  of  these  fire¬ 
walls;  users  of  older  products 
should  look  elsewhere. 

I  have  a  few  quibbles.  For 
example,  the  increasingly  pop¬ 
ular  NetScreen  firewalls  aren’t 
covered,  and  the  chapter  on 
Snort  intrusion-detection  soft¬ 
ware  is  no  replacement  for  a 
good  Snort  2.0  reference 
book.  However,  users  of  new¬ 
er  PIX  and  Check  Point  prod¬ 
ucts  certainly  can’t  go  wrong 
with  this  title. 


Check  Point  Offers 
New  VPN-1  VSX 

Check  Point  Software  Tech¬ 
nologies  Ltd.  has  upgraded  its 
VPN-1  VSX  virtual  private  net¬ 
work  security  appliance.  It 
now  includes  Check  Point’s 
Application  Intelligence  tech¬ 
nology  to  protect  against  ap¬ 
plication  layer  attacks,  as  well 
as  SmartDefense  network 
attack  protection  and  VPN-1 
SecureClient  for  remote  ac¬ 
cess  and  desktop  security. 

VPN-1  VSX  supports  up  to 
250  virtual  systems  running 
on  one  platform,  according  to 
Redwood  City,  Calif.-based 
Check  Point.  VPN-1  VSX  is 
available  now  and  starts  at 
$24,000. 


i  want  to 


Start  growing  your  business  securely  with  Intrusion  Prevention  Solutions  from  McAfee  Security. 

With  a  powerful  combination  of  McAfee  System  Protection  and  Network  Protection  Solutions,  McAfee  Security  does, 'nfore'  fhaiVnferely  detect 
known  and  unknown  threats — it  actually  prevents  them.  From  the  desktop,  to  the  network,  to  the  server,  the  McAfe^:.  :Pfp't0eti6n-.ir>rDept;h'. 
strategy  and  our  proven  Intrusion  Prevention  technologies  provide  complete  protection  for  the  enterprise.  So  you  can  spend  less,  tii he  thinking 
about  security  issues  and  more  time  thinking  about  growth  issues.  Learn  moie  today  at  start.mcafeesecurity.com  -  .  • , 


Because  security  is  not  just  about  what 'you  can  stop 


Network  Associates 


NETCRAFT  FINDS  THAT  1&1  IS  THE  WORLD'S  LARGEST  WEB 
HOST  AND  ALSO  POSTS  THE  GREATEST  GROWTH  WITH  A 
508%  EXPANSION  FROM  MARCH  2002  TO  MARCH  2003" 


NETCRAFT  LTD.  INDEPENDENT  SURVEY,  JULY  2003 
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THE  WORLD'S  #1  WEB  HOST  IS  HERE 
TO  HELP  YOU  DO  MORE  ON  THE  WEB 


Part  of  United  Internet,  a  public  company  with  3,500  passionate  employees  •  Previously  served  only  large  providers 
in  the  USA  &  now  serving  end  users  directly  •  Completely  focused  on  small  businesses  like  yours  since  1992  •  2.5  million 
customers  &  the  industry's  lowest  churn  rates  *4  data  centers  operated  in  USA  &  Europe  with  19,000  servers  up  & 
running  •  Own  backbone  with  12,000  Mbit  connectivity  •  Truly  interactive  solutions  including  CRM  &  e-Commerce 

GET  OUR  BEST  HOSTING  PLAN  -  NORMALLY  S29/ MONTH 


3  YEARS  FREE 

LIMITED  TIME  PRE-LAUNCH  PROMOTION 
SAVE  S1000  —  NO  COMMITMENT  NECESSARY 


500  MB,  5x  FTP,  backups,  Firewalls 
5000  MB/mth  traffic,  $0.99/GB  only  for  additional 
traffic,  99.9%  up-time  guarantee  50  POP3  accounts,  Symantec 

virus  scanning,  Webmait  Live  site  statistics,  log  files, 

turnkey  CGI-library,  own  CGI,  FrontPage  2002  extensions,  multiple  pass¬ 
word  protection,  mySQL,  SSL  encryption,  Cron  Jobs,  SSH,  Developer  tools 


1&1  Express  support 


Form  editor,  Newsletter  Management  tools, 
one-on-one  online  dialogues,  turnkey  web  database  applications,  Chats, 
Forums  Template-ready  online  WebsiteCreator,  full  ver¬ 

sion  NetObjects  Fusion  7.0,  Search-Engine  Registration  and  many 
more  worth  $300,  absolutely  free  Register  or  transfer 


unlimited.com  and  other  leading  domains  for  just  $5.99  each  per  year,  50 
sub-domains,  point  up  to  100  domains  registered  elsewhere  to  this  plan 


No  credit  card  needed. 
No  obligations.  No  banners.  No 
spam.  No  calls.  Strict  privacy. 


Upload  your  current 
site.  Or,  build  a  new  one  with 
template-ready  WebsiteCreator. 


Upgrade  your  site 
with  ready-to-run  forms,  chat, 
database  applications  and  more. 


Sign  up  today 
and  we'll  give  you  a  $25  voucher 
for  Google  AdWordsT 


THE  CONFIDENCE  TO  OFFER  3  YEARS  FREE 


By  creating  this  unique  opportunity  to  test  1&1  risk-free,  we  are  investing  in  you  rather  than  additional 
advertising.  You  see,  we  believe  you'll  be  so  pleased  with  our  services,  you'll  stay  with  us  and  even  recommend  us  to  your  friends.  Then  after 
the  3  years,  you  can  effortlessly  switch  to  any  1&1  hosting  plan  ranging  from  $5  to  $29.  One  plan  per  customer  only.  Promotion  expires  1/14/04 
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Radware  Releases 
Security  Switch 

Radware  Inc.  in  Mahwah,  N.J., 
last  week  announced  the  release 
of  DefensePro,  a  high-perfor¬ 
mance  security  switch  that’s 
designed  to  handle  multigigabit 
security  switching,  intrusion  pre¬ 
vention  and  denial-of-service  pro¬ 
tection.  DefensePro  is  available 
now.  Pricing  starts  at  $25,000. 


Mirapoint  Updates 
Message  Server 

Mirapoint  Inc.  is  releasing  a  new 
version  of  its  Message  Server 
e-mail  appliance,  called  the 
45-Series,  and  a  new  Message 
Director  MD450  security  appli¬ 
ance.  Updates  include  replacing 
Intel  Pentium  III  chips  with  more 
powerful  Xeon  processors,  ac¬ 
cording  to  Sunnyvale,  Calif.- 
based  Mirapoint.  The  Message 
Server  line  begins  at  $15,000, 
while  pricing  for  Message  Director 
starts  at  $25,000. 


Beta  for  Speech 
Server  Released 

Microsoft  Corp.  last  week  re¬ 
leased  the  second  beta  version  of 
its  Speech  Server.  The  new  beta 
can  run  multiple  applications  and 
adds  support  for  Peabody,  Mass.- 
based  ScanSoft  Inc.’s  Speechify 
Text-to-Speech  Engine  3.0.  Also, 
Microsoft  released  the  fourth  beta 
version  of  its  Speech  Application 
Software  Development  Kit.  The  fi¬ 
nal  versions  of  Speech  Server 
and  its  accompanying  software 
development  kit  are  due  in  the 
first  half  of  next  year. 


Proxim  Offers  Free 
Wireless  Upgrades 

Proxim  Corp.  this  week  will  re¬ 
lease  free  firmware  upgrades  for 
its  enterprise-class  wireless  LAN 
access  points.  The  upgrades  will 
make  it  easier  for  IT  managers  to 
detect  rogue  access  points  and  to 
centrally  control  power  levels  of 
access  points,  according  to  Sun¬ 
nyvale,  Calif.-based  Proxim. 


TOMMY  PETERSON 


Make  Your  List, 
Check  It  Twice 


AS  THE  YEAR  DRAWS  to  a  close,  we  find 
ourselves  surrounded  by  the  festive  tradi¬ 
tions  of  the  season.  Jolly  old  elves  and 
prancing  reindeer  have  been  trucked  in 
and  deposited  on  the  manicured  lawns  of 
corporate  headquarters  and  bask  in  the  glow  of  the 
lights  proclaiming  “Season’s  Greetings”  to  passing  mo¬ 
torists.  Miniature  trees  and  plastic  candles  twinkle 


cheerfully  in  corners  of  of¬ 
fices  and  cubicles.  There  are 
way  too  many  sweets  every¬ 
where. 

Grown  men  and  women  in 
IT  shops  are  making  wish 
lists  and  formulating  their 
justifications  for  having 
those  wishes  fulfilled.  Of 
course,  since  they’re  prepar¬ 
ing  their  pitches  for  the  busi¬ 
ness  side  of  the  company  in¬ 
stead  of  for  a  short,  white- 
bearded  guy  with  a  body 
mass  index  of  35,  their  argu¬ 
ments  rest  on  productivity 
and  ROI  rather  than  on  whether  the 
geeks  have  been  naughty  or  nice. 

Those  lists  CIOs  and  other  high- 
level  IT  managers  make  of  their  spend¬ 
ing  priorities  for  the  year  ahead  will  be 
checked  more  than  twice  as  their  com¬ 
panies  navigate  into  and  through  2004. 
Toys  for  techies  are  gone  from  enter¬ 
prise  IT  budgets,  but  technology  invest¬ 
ment  is  essential  if  companies  are  to 
move  ahead  or  even  keep  up  with  the 
competition.  In  these  budget  confronta¬ 
tions,  however,  discretion  is  often  the 
better  part  of  valor.  Below  are  my  picks 
for  the  technology  areas  that  IT  man¬ 
agers  should  focus  on  for  now  if  they 
want  to  avoid  duking  it  out  with  their 
CFOs  —  and  probably  losing. 

■  Storage,  especially  storage  management. 
Storage  falls  a  little  short  in  the  glamour 
department,  but  in  an  information  econ¬ 
omy,  companies  must  have  somewhere 
to  keep  and  some  way  to  manage  all  that 
information.  Adding  to  the  pressure  is 
the  growing  array  of  state  and  federal 


regulations  requiring  busi¬ 
nesses  to  retain  even  more 
information.  As  the  mounds 
of  data  grow,  users  demand 
easier  access  to  stored  data 
and  flexibility  in  storage  re¬ 
sources.  Management  sys¬ 
tems  and  virtualization  soft¬ 
ware  come  with  hefty  price 
tags.  But  no  one  would  ac¬ 
cuse  an  IT  manager  of  going 
for  the  glitz  for  proposing 
them,  and  storage  is  central 
to  almost  any  business. 

Storage  also  includes  the 
backup  and  disaster  recov¬ 
ery  technologies  that  ease  the  minds  of 
everyone  in  the  company  fretting  about 
terrorism,  natural  disasters  and  trees 
growing  around  power  lines  in  Ohio. 

■  Security.  You  won’t  have  to  fight  for 
this  one.  Even  through  the  past  couple  of 
years  when  the  remnants  of  the  technol¬ 
ogy  bubble  were  unattractively  splat¬ 
tered  all  over  the  economy,  companies 
were  spending  on  IT  security.  Antivirus 
software,  intrusion  detection  and  pre¬ 
vention  systems  and  patch  management 
systems  are  all  essential  investments  — 
just  make  sure  they  are  implemented 
along  with  well-crafted  security  policies 
and  enforced  best  practices,  which  are  as 
important  as  the  technology. 

Identity  and  access  management  sys¬ 
tems  that  include  provisioning  and 
strengthened  authentication  mecha¬ 
nisms  can  increase  productivity  along 
with  security  in  your  organization. 

■  Business  intelligence  and  data  warehous¬ 
ing.  Carefully  chosen  and  deployed  busi¬ 
ness  intelligence  systems  do  the  magic 


trick  at  the  heart  of  IT:  They  change 
amorphous  piles  of  data  into  useful 
information  and  open  an  avenue  to  in¬ 
sights  that  can  transform  a  business.  Just 
be  wary  of  the  seemingly  endless  vari¬ 
eties  of  software  that  offer  “real-time” 
monitoring  of  every  peristaltic  burble 
and  hiccup  in  the  enterprise,  to  no  ap¬ 
parent  business  end. 

■  Middleware  and  other  integration  tech¬ 
nologies.  Heterogeneous  IT  environ¬ 
ments  are  a  fact  of  life  —  even  a  blessing, 
say  some.  Companies  that  want  to  con¬ 
tinue  getting  value  from  their  legacy  sys¬ 
tems  as  they  add  new  systems  and  appli¬ 
cations  will  need  the  technology  to  link 
them  together. 

I  fear  that  this  list  is  the  IT  equivalent 
of  the  socks  and  underwear  your  mother 
always  gives  you.  But  these  are  the  es¬ 
sential  technologies,  the  ones  in  which 
your  company  can’t  afford  to  fall  behind. 
This  isn’t  the  year  to  ask  for  the  pony. 

The  adoption  of  wireless  is  inevitable, 
and  the  technology  has  already  penetrat¬ 
ed  to  the  center  of  some  industries,  but 
for  most  businesses,  it’s  still  a  novelty. 

I’m  convinced  that  Web  services  will 
eventually  transform  IT,  but  the  technol¬ 
ogy  still  operates  at  the  margins,  maybe 
because  the  standards  stack  is  still  in 
flux.  Or  perhaps  because  infrastructure- 
level  Web  services  are  just  beginning  to 
receive  attention. 

Certainly  take  a  hard  look  at  open- 
source  options  when  you’re  shopping  for 
technology. 

Keep  an  eye  on  voice  over  IP,  the  re¬ 
turn  of  CRM,  and  new  search  and  text¬ 
mining  technologies  that  will  help  you 
take  a  crack  at  squeezing  some  intelli¬ 
gence  out  of  all  that  unstructured  data 
piling  up  in  your  company. 

And  be  patient.  There’s  a  good  chance 
the  economy  will  be  stronger  a  year 
from  now.  The  technologies  will  mature 
and  improve.  Maybe  it  will  be  time  for 
the  pony  —  or  at  least  the  latest  version 
of  PlayStation.  ©  43260 
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EMC2 


where  information  lives 


EMC  has  everything  you  need  to  create  a  network-ready,  direct-attached,  or  SAN  environment  at  a 
surprisingly  affordable  price.  CLARiiON  networked  storage  packages  are  complete  hardware,  software, 
and  service  bundles  that  feature  EMC’s  award-winning  technology  and  SAN  switches  from  Brocade’: 
Now  at  prices  that  can  help  you  safeguard  your  budget  as  well  as  your  information. 

just  visit  www.EMC.eom/CX2o0  or  call  1-866-EMC-1500  to  get  started. 


EMC2 

Find  an  authorized  EMC  Velocity2  Partner 
prccmuS  at  www.EMC.com/velocity. 


Get  on  the  best  growth 
path  in  storage. 


EMC.2  EMC.  where  information  lives.  Navisphere.  and  CLARiiON  are  registered  trademarks  and  Connectrix  and  Access  Logix  are  trademarks  of  EMC  Corporation. 
Brocade  is  a  registered  trademark  of  Brocade  Communications  Systems.  Inc.  ©2003  EMC  Corporation.  All  rights  reserved. 


Join  Us  to  Map 
the  Future  of  IT 

Strategic  problem-solving  and  peer  networking  with  thi  nation’s  IT  leaders 


FEATURED  SPEAKERS  INCLUDE: 


EVP  &  CIO 

&  American  Express 


Conference  sessions  will  cover  these  critical  areas: 

•  Extending  Data  Management,  Enterprise  Integration  and  Web  Services 

•  Creating  a  Next-Generation  Infrastructure,  Reducing  Complexity 
and  Enhancing  Business  Value 

•  Charting  New  Directions  in  IT  Governance,  Regulatory  Compliance 
and  Project  Leadership 

•  Advancing  Security  and  Business  Continuity 

Computerworld’s  Premier  100  IT  Leaders  Conference  is  a  dramatically  different,  high 
impact  executive  event.  Now  in  its  5th  year,  this  annual  conference  brings  together 
hundreds  of  senior  IT  executives  for  a  compelling  series  of  high-level  discussion  panels, 
presentations  and  peer  networking  activities. 

The  Premier  100  IT  Leaders  for  2004  will  be  announced  and  profiled  in  our  January  5, 
2004,  issue  of  Computerworld  and  honored  during  a  special  ceremony  at  the  March  7-9, 
2004,  conference.  Rich  with  peer  advice  and  real-world  case  studies,  the  conference 
content  is  built  directly  from  user  feedback  provided  by  the  honorees  themselves.  Our 
editors  design  a  no-nonsense  agenda  that  features  Premier  100  honorees  and  other  IT 
leaders  focusing  exclusively  on  top-of-mind  issues  and  concerns  of  senior  IT  management. 
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OPINION 

Behind  the  Eight  Ball 

Bart  Perkins  says  the  big  outsourcers 
are  being  undercut  by  smaller  upstarts. 
It’s  bad  news  for  giants  like  IBM  and 
EDS,  but  it  could  mean  falling  prices 
for  their  clients.  Page  54 


The  Pros  &  Cons  of  CMM 

Outsourcers  tout  their  high  Capability 
Maturity  Model  ratings,  yet  many  U.S. 
companies  can’t  take  advantage  of 
that  quality  and  end  up  paying  for 
more  than  they  need.  Page  50 


Preventing  P2P  Abuse 

Corporate  IT  managers  can  learn  from  their 
counterparts  on  college  campuses  who  have 
become  experts  in  combating  the  security 
and  network  overload  problems  caused  by 
peer-to-peer  file  swapping.  Page  52 


A  brain  drain  is  coming  when 
the  economy  improves,  and  your  top  IT 
talent  may  be  headed  out  the  door. 


alf  your  IT  middle  managers 
may  be  planning  to  quit  as  soon 
as  the  economy  improves.  Recent 
surveys  and  anecdotal  evidence 
indicate  that  many  have  already 
checked  out  psychologically  and 
are  just  waiting  for  the  chance  to 
move  on.  If  you  don’t  prepare  for  this  exodus,  when 
the  money  loosens  up  and  IT  initiatives  begin  to 
flow,  you  may  find  that  you  lack  the  talent  to  deliver. 

The  impending  IT  brain  drain  is  “one  of  the  dark 
secrets  of  the  industry  right  now,”  says  Vaughan  Mer- 
lyn,  an  analyst  at  The  Concours  Group  in  Kingwood, 
Texas.  “Wherever  I  go,  the  grumbling  amazes  me.  I 
see  it  all  the  time.” 

“People  tell  me  awful  tales  about  working,  and 
their  loyalty  is  shot,”  adds  Tom  DeMarco,  a  consul¬ 
tant  at  Cutter  Consortium  in  Arlington,  Mass.,  and 
author  of  Slack:  Getting  Past  Burnout,  Busywork  and 
the  Myth  of  Total  Efficiency  (Broadway  Books,  2002). 
“The  problem  is  that  they’re  all  liable  to  leave  at  the 
same  time.” 

A  July  2003  survey  of  509  U.S.  middle  managers  by 
Accenture  Ltd.  found  that  38%  are  currently  looking 
for  another  job  and  10%  plan  to  go  job  hunting  when 
the  economy  improves.  Though  the  survey  didn’t  fo¬ 
cus  exclusively  on  IT,  Ed  Jensen,  a  partner  in  the  hu¬ 
man  performance  practice  at  Accenture,  says  IT 
managers  at  various  client  sites  have  told  him  they’re 
essentially  already  gone. 

Late  last  year,  another  survey,  by  Spherion  Corp.  in 
Fort  Lauderdale,  Fla.,  and  Harris  Interactive  Inc.  in 
Rochester,  N.Y.,  questioned  3,278  U.S.  workers  and 
found  that  51%  want  to  leave  their  current  jobs  (up 
from  33%  in  1999).  The  dissatisfaction  is  even  more 
pronounced  in  IT,  where  40%  of  workers  reported 
poor  or  fair  job  satisfaction  compared  with  28%  of 
the  total  sample. 

“There’s  a  large  amount  of  dissatisfaction  out 
there,”  says  Scot  Melland,  CEO  of  Dice  Inc.,  a  Web- 
based  recruiting  firm  in  New  York.  “Some  of  it  might 
be  fair  and  some  a  reaction  to  how  the  world  has 
changed,  but  it’s  real.” 

A  Seismic  Shift 

Job  changing  after  an  economic  upheaval  isn’t  unusu¬ 
al,  but  observers  say  recent  history  and  a  seismic  de¬ 
mographic  shift  will  make  the  coming  phenomenon 
worse  than  in  the  past,  especially  in  IT,  where  bud¬ 
gets  have  been  axed  particularly  hard.  “Many  IT  peo¬ 
ple  were  downsized,  and  those  who  remained  find 
themselves  literally  overwhelmed,”  Merlyn  explains. 

“People  are  feeling  used,”  DeMarco  agrees,  adding 
that  baby  boomers  remember  similar  treatment  dur- 
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jj|§  vs.  Emergent  Workers 

The  “emergent”  worker  crosses  all  boundaries  of  age,  education,  industry 
and  company  size,  but  IT  workers  are  among  the  most  emergent,  according  to  Spherion. 

Here’s  how  emergent  workers  differ  from  traditional  employees: 

!  Emergent  employee 

Commits  for  the  long  term. 

[  ■  Commits  to  perform  now. 

Wants  employer  to  provide  the  career  path. 

|  ■  Wants  responsibility  for  career  path. 

Concerned  with  security,  stability  and 
clear  direction. 

■  Concerned  with  opportunities  for  learning 
!  and  growth. 

Wants  rewards  based  on  seniority. 

j  ■  Wants  rewards  based  on  performance. 

Thinks  changing  jobs  can  damage  career. 

■  Thinks  changing  jobs  can  enhance  career. 

Defines  loyalty  as  longevity. 

_ 

l  *  Defines  loyalty  in  terms  of  work  contribution. 

ing  the  downsizings  of  the  early  ’90s,  and  many  Gen 
Xers  saw  their  parents  laid  off  in  those  days.  “So  any 
loyalty  they  might  feel  is  complicated  by  the  fact 
their  parents  were  screwed,”  he  says. 

As  a  result,  Gen  Xers  came  to  IT  expecting  to  work 
for  many  companies  over  the  course  of  their  careers. 
“They’re  much  more  open  to  saying,  ‘If  I  can’t  get  it 
here,  I’ll  find  it  elsewhere,’  ”  Jensen  says.  “It’s  a  differ¬ 
ent  mind-set  —  a  free-agent  mind-set.” 

Since  that  ability  to  move  has  been  curtailed  by  the 
tight  job  market,  there’s  a  pent-up  desire  for  change, 
even  among  those  with  few  com¬ 
plaints,  Merlyn  says. 

The  Emerging  Workforce  Study 
conducted  by  Harris  and  Spherion, 
which  has  measured  changes  in  work¬ 
force  attitudes  since  1997,  has  docu¬ 
mented  a  significant  shift.  As  late  as 
1997,  34%  of  workers  surveyed  still 
held  “traditional”  values  that  empha¬ 
size  long-term  company  loyalty  (see  sidebar  above). 
This  year,  only  21%  did,  and  in  IT,  only  9%.  The 
rest  held  “emergent”  or  free-agent  values,  or  were 
migrating  in  that  direction. 

Despite  this  shift,  Spherion  estimates  that  more 
than  half  of  U.S.  companies  still  use  traditional  man¬ 
agement  styles  and  as  a  result  are  in  danger  of  losing 
their  emergent  workers  at  an  even  higher  rate. 

Replacing  IT  workers  who  leave  won’t  be  as 
easy  as  it  looks,  DeMarco  says.  “The  buffer  of  unem¬ 
ployed  IT  people  could  be  hired  up  in  the  first  two 
or  three  months,”  he  notes,  “and  workers  in  IT  are 
not  fungible.”  Those  available  are  disproportionate¬ 
ly  generalists  without  the  skills  you’ll  be  looking 
for,  he  says. 

Besides,  you’ll  need  to  do  more  than  replace;  you’ll 
need  to  grow. 

The  U.S.  Bureau  of  Labor  Statistics  forecasts  that 
the  top  five  fastest-growing  job  categories  through 
2010  are  all  in  IT:  software  applications  engineer, 
support  specialist,  systems  software  engineer,  net¬ 
work  and  systems  administrator,  and  network  sys¬ 
tems  and  data  communications  analyst. 

Meanwhile,  the  vanguard  of  baby  boomers  will 
soon  be  reaching  retirement  age,  and  the  numbers  to 


replace  them  just  aren’t  there.  According  to  Harvard 
University  economist  David  T.  Ellwood,  from  1980 
to  2000,  the  “prime-age”  workforce  —  25  to  54  — 
grew  by  54%.  Over  the  next  20  years,  it  will  grow 
by  only  3%. 

“We’re  in  the  middle  of  a  major  demographic  shift,” 
says  Jensen.  “It’s  one  thing  to  say  people  are  turning 
over,  but  the  pool  of  talent  that  is  available  to  replace 
them  is  tight,  and  that  will  drive  the  price  up.” 

In  fact,  the  cost  per  hire  has  increased  nearly  71% 
since  1998,  according  to  the  Saratoga  Institute  Inc.,  a 
Santa  Clara,  Calif.-based  human  re¬ 
sources  unit  of  Pricewaterhouse- 
Coopers.  Spherion  estimates  that  the 
cost  of  replacing  lost  emergent  work¬ 
ers  could  be  about  $1  million  for  an 
IT  group  of  100.  And  that’s  assuming 
you  can  replace  those  who  leave. 

Given  all  these  impending  pres¬ 
sures,  the  postrecovery  decampment 
will  be  happening  at  the  worst  possible  time.  “The 
problems  that  arise  are  myriad:  the  loss  of  knowledge 
in  the  organization,  managing  the  workload,  disrup¬ 
tion  as  people  leave  and  the  expense  of  replace¬ 
ment,”  Jensen  says. 

Heading  Off  the  Exodus 

Despite  the  convergence  of  risk  factors,  some  IT 
managers  may  be  blindsided  by  the  exodus  because 
when  jobs  are  scarce,  people  don’t  complain.  “People 
might  grumble  around  the  cooler  with  colleagues, 
but  they  probably  don’t  grumble  upwards,”  Merlyn 
says.  “You  keep  your  head  down  and  lay  low.” 

But  there  are  things  you  can  do  to  assess  and  miti¬ 
gate  your  risk. 

■  Look  for  signs  of  unhappiness,  and  draw  managers 
out  on  how  people  are  feeling. 

■  Check  confidential  employee  surveys  for  signs  that  IT 
employee  engagement  has  gone  down.  “That  could 
be  a  leading  indicator  that  people  may  move  on 
when  things  turn  around,”  Merlyn  says. 

■  If  you  can’t  survey  the  entire  IT  workforce,  try  to  con¬ 
duct  spot  surveys  on  one  or  two  issues,  or  put  a  few  ques¬ 
tions  on  an  employee  portal  to  identify  segments  of 
your  IT  organization  that  are  particularly  disenchant- 


DISGRUNTLED  WORKERS 

Computerworld’s  2003  Job  Satis¬ 
faction  Survey  showed  that  there  isn't 
much  job  satisfaction  in  IT.  For  the 
complete  results,  visit  our  Web  site: 

QuickLink  a3810 
www.computerworld.com 


ed,  Jensen  says.  “Then  you  can  take  more  targeted 
steps  to  deal  with  the  [potential]  loss  of  key  people.” 

■  Communicate  candidly  with  the  workforce.  “Employ¬ 
ees  understand  and  can  handle  the  fact  that  the  econ¬ 
omy  is  tough,”  Jensen  says.  “They  want  to  feel  part 
of  the  process  and  understand  why  decisions  are 
being  made.” 

■  Cancel  overtime.  “Constant  overtime  is  a  deadly 
cause  of  burnout  and  the  sense  of  being  used,”  De¬ 
Marco  says. 

■  Hire  now.  “You  have  to  be  ahead  of  the  curve  in  the 
staffing  work  that’s  going  to  have  to  be  done,”  DeMar¬ 
co  says.  By  taking  extra  work  off  people,  you  may 
change  their  minds  about  leaving.  Even  if  they  do 
leave,  each  person  you  hire  now  is  one  you  won’t  have 
to  hire  later  in  a  tougher,  more  expensive  market. 

■  Know  your  “A”  players,  and  make  sure  you’re  doing 
everything  you  can  to  keep  them  happy,  Merlyn  says. 

■  Get  your  people  focused  on  the  future. 

Even  with  a  limited  budget,  you  can  generate  ex¬ 
citement  and  optimism,  Merlyn  says.  Engage  your  “A” 
players  in  rethinking  the  vision  and  strategy,  reposi¬ 
tioning  the  team,  upgrading  skills  and  adjusting 
roles.  If  your  company  has  been  laying  off  people 
and  just  shifting  the  work  to  others,  you  may  find 
redundancies  that  can  be  eliminated  to  take  the 
pressure  off  and  move  the  survivors  on  to  higher- 
value  activities. 

Even  if  you’re  not  able  to  move  ahead  on  a  growth 
agenda  yet,  he  says,  strategizing  and  planning  “feels 
constructive,  and  it  gets  people  engaged  in  thinking 
about  an  optimistic  future  rather  than  a  pessimistic 
present.”  O  43001 


Melymuka  is  a  Computerworld  contributing  writer. 
She  can  be  reached  at  kmelymuka@yahoo.com. 


Warning  Signs 

ComputerworicT  s  2003  Job 
Satisfaction  Survey  uncovered  the  kind  of 
grumbling  that  will  lead  to  an  IT  brain  drain. 

42 %  said  they’re 
dissatisfied  with  their  companies. 


56%  reported  that  their  level  of 
satisfaction  with  their  companies  has 
decreased  compared  with  one  year  ago. 

69°/o  don’t  think  they’re  working 
to  their  full  potential. 


55%  said  they’re  dissatisfied  with 
their  opportunities  for  advancement. 

2%  reported  finding  their  work  stressful. 


59%  reported  being  more  stressed 
out  than  they  were  a  year  ago. 

50%  disagreed  with  the  statement,  “My  em¬ 
ployer  is  successful  at  building  employee  loyalty.” 

Base:  936  respondents  (IT  workers,  managers,  consultants  and  contractors) 


Rational  software 


See  software  integrated. 
See  business  automates 
See  ROI  escalated. 


Rational  software.  Through  market-leading  tools  and  proven  best  practices,  Rational  offers  the 


build,  customize  and,  integrate  new  and  existing  applications.  Open  solutions  built  to  be  scalable  and 
reliable  -  for  immediate  business  value.  For  customer  successes,  visit  ibm.com/rational/seeit 
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Outsourcers  tout  their  Capability 
Maturity  Model  ratings,  but  they  may  be 
overkill  for  some  clients.  BY  JULIA  KING 


WHAT’S  IN  A  CMM  RATING? 

Does  hiring  a  CMM  Level  5  service 
provider  guarantee  that  an  outsourced 
software  project  will  come  in  on  time 
and  on  budget? 

Will  a  higher  CMM  rating  automati¬ 
cally  mean  higher  costs? 

What  impact  does  earning  a  rating 
have  on  software  quality? 

These  are  just  a  few  of  the  questions 
confronting  IT  managers  charged  with 
contracting  out  an  increasing  volume 
of  application  development  and  main¬ 
tenance  work  to  lower-cost  offshore 
outsourcers. 

Developed  by  the  Software  Engi¬ 
neering  Institute  (SEI)  at  Carnegie 
Mellon  University  in  Pittsburgh,  CMM 


—  short  for  Capability  Maturity  Model 

—  is  a  set  of  rigorous  standards  for 
software  development  that’s  based  on 
five  levels.  Of  some  70  companies 
worldwide  that  have  publicly  acknowl¬ 
edged  reaching  the  highest  rating  of 
Level  5,  about  50  are  in  India,  accord¬ 
ing  to  the  SEI  and  Gartner  Inc. 

Not  surprisingly,  these  Indian  out¬ 
sourcers  aggressively  tout  their  CMM 
rating,  marketing  themselves  as  top- 
notch  developers  with  standardized, 
repeatable  processes  in  place  for  deliv¬ 
ering  the  highest  quality  software.  Exe¬ 
cuting  standardized  processes  also 
works  to  keep  down  costs,  enabling 
Level  5  providers  to  pass  on  additional 
savings  to  customers,  according  to 


Sangita  Singh,  head  of  strategic  mar¬ 
keting  at  Wipro  Ltd.,  an  Indian  out¬ 
sourcing  company  with  U.S.  head¬ 
quarters  in  Santa  Clara,  Calif. 

Research  confirms  that  higher  CMM 
levels  correlate  with  fewer  software 
defects  (see  chart  below).  But  the  high¬ 
est  CMM  rating  doesn’t  necessarily 
guarantee  the  greatest  savings  for  cus¬ 
tomers.  “The  data  on  quality  and  matu¬ 
rity  levels  shows  there  is  a  definite  im¬ 
provement  in  costs  and  [on-time  proj¬ 
ect  completion]  schedules,”  says  Bill 
Peterson,  program  director  for  soft¬ 
ware  engineering  process  management 
at  the  SEI.  “But  whether  the  supplier 
passes  the  savings  on  to  the  buyer,  we 
don’t  know.  That’s  more  business  than 
anything  to  do  with  the  logic  of  costs. 

“What  we  are  saying  is  that  as  a 
Level  5,  [suppliers]  are  better  and 
they’re  able  to  charge  more,  not  less,” 
Peterson  adds. 

At  the  same  time,  a  Level  5  CMM 
rating  comes  with  no  guarantees,  and 
in  some  cases,  it  may  even  be  overkill, 
experts  say. 

“CMM  is  a  great  discipline,  and  it  is 
a  great  designation  to  have,”  says  Bart 
Perkins,  a  Computerworld  columnist 
and  managing  partner  at  Louisville, 
Ky.-based  Leverage  Partners  Inc., 
which  helps  CIOs  manage  IT  suppli¬ 
ers.  “But  the  reality  is  that  if  an  out¬ 
sourcer  is  at  Level  5  and  the 
client  is  at  Level  1  or  2,  the 
client  doesn’t  have  the  in¬ 
ternal  discipline  to  take 
advantage  of  the  Level  5 
provider’s  standardized 
routines.” 

Defining  system  or  proj¬ 
ect  requirements  is  a  prime 
example.  “With  CMM,  the  entire  re¬ 
quirements  process  is  very  rigidly  de¬ 
fined.  A  Level  5  requirements  docu¬ 
ment  is  very  detailed  and  explicit  and 
has  metrics  associated  with  it,”  Perkins 
explains.  “But  a  company  at  a  CMM 
Level  0  or  1  could  have  their  require¬ 
ments  on  the  back  of  an  envelope  and 
no  metrics.  The  Level  1  companies  are 
lucky  if  they  write  out  two  pages.” 

The  upshot,  says  Perkins,  is  that 
touting  a  CMM  Level  5  rating  to  a 
Level  1  buyer  “comes  down  to  touting 
a  feature  that’s  of  little  value.  It’s  like  a 
car  salesman  in  Alaska  touting  a  car’s 
great  air  conditioning.  It  may  be  great, 
but  you  can’t  take  advantage  of  it.” 

Yet  some  companies,  such  as  Farm¬ 
ers  Insurance  Group  in  Los  Angeles, 
contract  with  Level  5  outsourcers  ex¬ 
clusively,  even  though  they  may  be 
unable  to  reap  all  of  the  benefits  of 
doing  so. 

“The  CIO  dictated  that  we  only  do 


CMM  Checklist 

Questions  to  ask  your  out¬ 
sourcer  about  its  ratings  under 
the  Capability  Maturity  Model: 

What  was  your  last  published 
assessment  level? 

When  did  that  occur?  (After 
two  years,  assessments  are 
out  of  date,  the  SEI  says.) 

Who  performed  the  lead 
assessment? 

Who  was  on  the  assess¬ 
ment  team? 

What  improvements  have 
you  made  since  the  last 
assessment? 


business  with  CMM  Level  5  partners.  It 
was  a  way  of  distinguishing  the  best 
companies  from  the  rest  of  the  pack,” 
explains  Alan  Stanley,  a  program  man¬ 
ager  at  Farmers. 

“Beyond  that,  we  don’t  take  advan¬ 
tage  of  CMM.  We  tend  to  dictate  how 
we  want  work  done.  We  allocate  work 
and  processes  based  on  what  we  do 

here,  so  I  don’t  think  we’ve 
really  benefited  from  the 
CMM  Level  5  side,”  he  adds. 

Helen  Cousins,  former 
CIO  at  Parsippany,  N.J.- 
based  Cendant  Corp.,  says 
she  believes  that  hiring  a 
Level  5  outsourcer  is  a  way 
to  raise  the  bar  for  your 
own  IT  organization.  “One  of  the 
things  we  gained  out  of  necessity  is  the 
ability  to  more  clearly  define  what  we 
want,”  says  Cousins,  who  is  now  CIO 
at  Dex  Media  Inc.  in  Denver.  “I’ve  also 
noticed  that  when  people  working  side 
by  side  are  with  people  who  are  disci¬ 
plined,  it  starts  rubbing  off.” 

But  in  a  January  2003  report  on  the 
subject,  Gartner  analyst  Partha  Iyengar 
cautioned  that  users  should  also  re¬ 
member  that  CMM  standards  are  de¬ 
scriptive  rather  than  prescriptive, 
meaning  that  “they  describe  what  must 
be  done,  rather  than  how  it  must  be 
done.”  Consequently,  a  vendor  can 
specify  a  certain  way  of  executing  a 
process  that  isn’t  the  best  possible  im¬ 
plementation  of  that  particular  process. 

In  other  words,  Iyengar  says,  “CMM 
standards  certification  in  no  way  guar¬ 
antees  that  a  vendor’s  internal  imple¬ 
mentation  of  these  standards  is  best- 
in-class  in  any  way.”  ©  42492 
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ware  defects,  according  to  this  research: 
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56.00 

314,336 
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SOURCE: 

GARTNER  INC.  AND  THE  SOFTWARE  ENGINEERING 

INSTITUTE 

CMM  SUNSET 

The  Software  Engineering 
Institute  is  phasing  out  CMM 
in  favor  of  a  new  version, 
called  CMMI: 
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Preventin 


Abuse 


Corporate  IT  managerstryingtocurb 
illegal  peer-to-peer  file  downloads 
could  learn  from  their  counterparts 
on  college  campuses.  BY  JULIA  KING 


the  student  handbook  had  also  in¬ 
formed  students  about  the  university’s 
downloading  policies  and  the  discipli¬ 
nary  actions  that  would  be  taken 
against  violators. 

Icarus,  short  for  Integrated  Comput¬ 
er  Application  for  Recognizing  User 
Services,  collects  and  combines  data 
from  all  of  the  university’s  many  dis¬ 
parate  network  management  systems. 
Once  combined,  the  information  can 
be  analyzed  in  a 
comprehensive 
manner. 

“We  realized  we 
had  all  of  the  [net¬ 
work  monitoring  and  management] 
tools  we  needed.  We  just  needed  to 
find  a  way  to  use  them  all  together,” 
Bird  explains.  “By  collecting  data  in 
one  place,  we’re  able  to  detect  applica¬ 
tion  usage  in  new  and  unusual  ways.” 

How  It  Works 

Whenever  Icarus  detects  P2P  activity 
on  the  network,  the  software  sends  a 
pop-up  message  to  the  offending  user’s 
computer.  If  the  user  is  a 
first-time  violator,  he  is  auto¬ 
matically  directed 
to  an  educational 
Web  site  that  out¬ 
lines  the  universi¬ 
ty’s  network  usage  policy 
and  specific  details  on  his 
particular  violation. 

Second-time  offenders 
are  immediately  restricted 
to  on-campus  Internet 
usage  for  a  period  of  five 


ICARUS  FAQ 

Get  the  details  on  the  Univer¬ 
sity  of  Florida's  open-source 
P2P  file-restriction  program: 

(I  QuickLink  42975 

Read  about  the  latest  ways 
schools  are  dealing  with 
music  downloading: 

O  QuickLink  43231 
www.computerworhflom 


im  o’rourke.  vice  presi¬ 
dent  for  computer  and  in¬ 
formation  services  at  Tem¬ 
ple  University,  makes  it  a 
point  to  ask  students  in  the 
classes  he  teaches  whether  they  swap 
peer-to-peer  music  and  video  files.  He 
has  yet  to  get  no  for  an  answer.  With 
33,000  network  users,  5,000  of  whom 
live  on  the  Philadelphia  campus,  P2P 
file  swapping  has  brought  the  universi¬ 
ty’s  network  to  its  knees  more  than 
once,  he  says. 

At  the  University  of  Florida,  network 
services  supervisor  Rob  Bird  at  one 
point  last  year  recorded  3,500  simulta¬ 
neous  network  connections  to  Kazaa,  a 
popular  P2P  music  site.  That  figure 
represents  almost  half  of  all  students 
who  reside  on  the  Gainesville  campus. 

Colleges  and  universities  are  on  the 
front  line  when  it  comes  to  combating 
the  various  computer  security,  copy¬ 


right  infringement  and  network  over¬ 
load  problems  that  can  result  from 
users  swapping  massive  P2P  files.  As 
a  result,  schools  have  been  forced  to 
come  up  with  effective  systems  not 
only  for  detecting  bandwidth  hogs,  but 
also  for  differentiating  between  legiti¬ 
mate  and  illegitimate  P2P  file  transfers 
and  pulling  the  plug  on  illegal  activity. 
In  several  cases,  their  tools  and  tactics 
have  resulted  in  a  significant  reduction 
in  P2P  headaches,  making  them  well 
worth  a  close  look  by  corporate  IT 
managers,  many  of  whom  are  facing 
the  same  problems. 

Consider  the  University  of  Florida. 
Within  an  hour  of  implementing  a 
homegrown  network  tool  known  as 
Icarus,  network  managers  recorded  an 
86%  drop  in  illegal  P2P  uploads  to  the 
Internet  from  the  university’s  resi¬ 
dence  halls.  Downloads  dropped  by 
30%.  School  newspaper  articles  and 


days.  Third-time  violators  are  cut  off 
from  all  Internet  connectivity  beyond 
the  campus  and  immediately  referred 
to  the  university’s  judicial  affairs  office. 

“We  try  to  stick  to  campus  restric¬ 
tion  as  the  most  severe  punishment,  to 
minimize  the  impact  on  academic  use, 
because  there’s  plenty  of  legitimate  ap¬ 
plications  that  need  to  be  accessed  by 
students,”  Bird  says. 

Since  the  start  of  the  academic  year 
in  September,  the  system  has  uncov¬ 
ered  919  first-time  offenders  and  only 
nine  repeat  offenders. 

“It’s  been  extraordinarily  success- 


In  a  July  2003  study  of  peer-to-peer 
file  sharing  at  560  companies, 
Ottawa-based  AssetMetrix  Inc.  found 
that  employees  at  of 
those  companies  had  engaged  in 
Web-based  file  haring  during 
the  previous  14  months. 


ful,”  Bird  says,  adding  that  the  univer¬ 
sity  plans  to  release  the  application  as 
an  open-source  project  in  the  spring. 

Differentiating  between  legal  and  il¬ 
legal  P2P  files  can  be  difficult  for  net¬ 
work  managers,  since  most  colleges 
have  policies  against  viewing  the  con¬ 
tent  of  files.  The  University  of  Miami 
in  Coral  Gables,  Fla.,  keeps  it  simple  by 
limiting  all  students  to  a  maximum  of 
48MB  of  dedicated  bandwidth. 

“We  tell  them  to  use  it  wisely  to  do 
whatever  they  have  to  do.  That  could 
be  downloading  images  from  medical 
journals,  or  videos  related  to  school 
communications,”  notes  CIO  Lew 
Temares.  It  also  could  be  swapping 
music  files,  Temares  concedes,  which 
is  why  the  university  has  implemented 
two  network  filters  that  sniff  file  trans¬ 
fer  protocols  and  eliminate  those  with 
the  known  characteristics  of  P2P  files 
that  the  university  has  identified  as  il¬ 
legal.  These  include  sites  like  Kazaa 
and  Blubster  that  are  primarily  for 
downloading  music. 

At  Temple,  administrators  are  con¬ 
sidering  going  a  step  further  and  im¬ 
plementing  a  policy  that  would  deny 
hardware  and  software  sup¬ 
port  to  students  whose 
computers  contain  illegal 
P2P  programs  and  files. 

The  university  also 
recently  purchased  an  en¬ 
terprisewide  license  for 
Symantec  Corp.’s  Norton 
Antivirus  software,  which 
all  students  are  required  to 
install  on  their  computers 


before  they  can  tie  into  the  universi¬ 
ty’s  network. 

“I  don’t  really  want  to  work  on  [a 
computer]  it  takes  me  six  or  seven 
hours  to  rebuild  because  it  has  all  this 
junk  on  it,”  O’Rourke  says.  “The  Wel- 
chia  [worm]  alone  has  cost  me  at  least 
$400,000  in  the  last  month  just  in  time.” 

Chuck  Linebaugh,  director  of  infor¬ 
mation  systems  at  Chicago  law  firm 
O’Hagan,  Smith  &  Amundsen  LLC,  says 
corporate  IT  managers  like  him  have 
somewhat  more  leverage  over  employ¬ 
ees  than  university  network  managers 
may  have  over  students.  Linebaugh’s 
firm  locks  out  all  P2P  application  pro¬ 
grams  and  conducts  weekly  checks  on 
all  files  for  any  illegal  P2P  activity. 

Still,  he  keeps  a  close  eye  on  the  pre¬ 
cautions  that  other  IT  managers,  par¬ 
ticularly  university  network  managers, 
are  taking  on  the  P2P  file-swapping 
front.  One  big  reason,  he  notes,  is  self- 
preservation.  “If  we’re  investigated  and 
files  downloaded  by  users  are  on  our 
network,  we’re  liable  for  that,”  Line¬ 
baugh  says.  ©  43111 
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See  how  much  storage  you  have. 
See  how  much  storage  you  nee  :i 
See  it  adjust  without  doing  a  thing 


Tivoli  Storage  Management  helps  optimize  your  storage  systems.  Underutilized  space  is  automatically 
identified.  Nonessential  data  is  easily  eliminated.  It's  an  integral,  affordable  complement  to  server 
consolidation,  and  ft’s  compatible  with  most  current  storage  systems.  For  more  on  this  award-winning 
software  and  to  download  Tivoli  Storage  Resource  Manager  trial  code,  visit  ibm.com/tivoli/seeit/tsrm 
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When  DAVID  S. 
WATTERSON  joined 
Martin  Marietta  Ma¬ 
terials  Inc.  in  1999, 
his  job  was  to  replace 
the  old  mainframe 
and  software  with  a 
new  IT  architecture 
that  could  handle 
explosive  growth: 
40-plus  acquisitions  in  the  past  five 
years.  As  a  result  of  his  success,  Wat- 
terson  has  been  promoted  to  CIO  at  the 
$1.7  billion  company,  which  was  spun 
off  from  Martin  Marietta  Corp.  in  1994. 
He  spoke  with  Jean  Consilvio  about  the 
importance  of  IT  at  the  producer  of  con¬ 
struction  aggregates  in  Raleigh,  N.C. 

Your  IT  staff  seems  small  for  such  a 
large  company.  The  core,  43  people, 
are  in  Raleigh,  and  the  rest  provide  lo¬ 
cal  support  to  the  divisions.  The  infra¬ 
structure  we’ve  put  in  place,  the  [J.D. 
Edwards,  now  PeopleSoft]  products 
and  ERP  system  we’ve  chosen  have 
all  been  low  maintenance.  We  did 
everything  we  could  with  packaged 
software,  and  we  customized  as  little 
as  possible.  The  objective  has  been  to 
keep  the  costs  and  burden  of  IT  down 
for  the  company. 

Are  you  all  rolled  out?  We  kicked  off  in 
November  2000,  and  we  just  finished 
in  October. 

Do  you  use  wireless  technology?  We're 
experimenting  with  it  at  some  of  our 
quarry  facilities,  where  getting  hard 
wire  out  to  a  quarry  can  be  difficult. 
We’re  using  a  lot  of  VPN  technology. 

How  is  that  working  out?  Very  well;  it’s 
a  good,  low-cost  alternative.  We  have 
340-plus  locations  throughout  the 
U.S.,  Nova  Scotia  and  Bahamas,  and 
we  get  into  some  rural,  remote  areas 
where  we  may  have  just  five  people 
working  at  a  location.  To  put  in  a  full 
frame-relay  network  connection  is  not 
cost-effective. 

Have  your  responsibilities  changed 
since  you  were  vice  president  of  infor¬ 
mation  systems?  Not  very  much;  [the 
promotion  was]  a  recognition  of  the 
importance  that  IT  has  within  the  com¬ 
pany  and  somewhat  a  recognition  of 
the  major  transformation  we’ve  made 
over  the  last  three  years.  The  aggre¬ 
gate  industry  has  largely  been  a  low- 
technology  business.  O  43232 
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BehinlH  Eight  Ball 


The  safest  outsourcing  option  has 
been,  and  continues  to  be,  the  large  U.S.- 
based  operations  such  as  IBM,  Electronic 
Data  Systems  and  Accenture.  However, 
these  big  outsourcers  are  facing  serious 
challenges  and  finding  themselves  behind  the  eight 
ball.  Newer,  smaller  firms  have  changed  the  rules  and 
are  forcing  the  big  guys  to  play  catch-up.  The  new  en¬ 
trants  are  stealing  business  by  offering  dramatically 
lower  prices,  thus  creating  a  price  floor  against  which 
the  big  companies  have  to  compete. 


There  are  three  main  rea¬ 
sons  for  the  price  differen¬ 
tial.  First,  the  upstarts  can 
undercut  traditional  out¬ 
sourcers’  prices  because 
most  of  their  technical 
staffs  are  located  in  lower- 
cost  countries.  The  price 
difference  is  enormous, 
often  as  much  as  $180  per 
hour  vs.  $25  per  hour.  But 
beware.  Quoted  rates  don’t 
provide  a  true  apples-to- 
apples  comparison.  Be  sure 
to  calculate  the  total  cost 
of  outsourcing,  reflecting 
all  the  costs  of  managing 
an  offshore  outsourcer. 

Even  after  proper  pricing 
adjustments,  the  difference 
is  still  huge. 

Second,  the  administrative  costs 
at  the  newer  firms  are  much  lower. 
They’ve  designed  their  processes  from 
the  start  so  that  as  much  administra¬ 
tive  work  as  possible  is  performed  off¬ 
shore.  For  example,  at  one  company, 
when  expense  reports  are  submitted, 
they’re  immediately  scanned  into  a 
computer  system  and  then  sent  over¬ 
seas  electronically.  The  originals  and 
the  receipts  are  filed  domestically,  as 
required  by  the  IRS,  but  the  review, 
approval  and  reimbursement  process¬ 
es  take  place  offshore. 

Third,  the  management  structure  at 
the  new  outsourcers  also  costs  less, 


since  a  high  percentage 
of  their  managers  are 
based  in  the  same  coun¬ 
tries  as  their  technical 
staffs.  The  price  differen¬ 
tial  is  even  greater  in  the 
executive  ranks. 

In  all  three  cases,  lower 
wages  mean  lower  costs, 
and  the  new  firms  are  will¬ 
ing  to  pass  a  large  percent¬ 
age  of  these  savings  on  to 
their  customers.  Histori¬ 
cally,  the  big  outsourcers 
have  resisted  going  off¬ 
shore  for  similar  savings  in 
order  to  protect  revenues 
and  profits.  Forced  to  do 
so  now,  the  question  is 
how  quickly  they  can 
adopt  some  of  the  newer  entrants’ 
approaches  and  use  more  offshore 
labor.  But  there  are  complications. 

If  the  big  outsourcers  use  cheaper 
offshore  technical  staffs,  they  will 
have  to  share  the  savings  they  reap 
with  their  customers  to  remain  com¬ 
petitive.  The  resistance  to  doing  so 
isn’t  merely  greed  but  fear  of  affecting 
the  stock  price,  since  lower  billing 
rates  result  in  lower  revenues  and 
earnings.  It  takes  a  lot  more  business 
to  get  the  same  revenues  when  aver¬ 
age  domestic  billing  rates  are  six  or 
seven  times  the  going  rate  for  offshore 
work.  In  order  to  keep  revenues  sta¬ 
ble,  the  big  outsourcers  must  find  a 


great  deal  more  business  to  cover  the 
gap.  This  is  an  enormous  undertaking 
in  today’s  economy. 

In  addition,  they’ll  have  to  reduce 
their  administrative  costs,  which  will 
mean  re-engineering  many  of  their 
administrative  processes.  This  is  time- 
consuming  and  extremely  expensive 
and  presents  yet  another  hit  to  the 
bottom  line. 

Plus,  they’ll  have  to  address  their 
high-cost  management  structures.  In 
order  to  reduce  management  costs,  big 
outsourcers  could  conceivably  lay  off 
high-level  executives.  Moreover,  if 
growth  stalls,  they  won’t  be  able  to 
dangle  the  carrot  of  promotions  in 
front  of  top-notch  staff  members. 

The  impact  of  this  will  be  delayed, 
but  significant. 

Exactly  how  all  of  this  will  play  out 
is  unclear.  Over  the  past  few  years,  all 
of  the  big  outsourcers  have  quietly  be¬ 
gun  to  hire  —  and  invest  —  in  India, 
China  and  other  lower-cost  countries. 
Unless  stopped  by  legislation  or  politi¬ 
cal  unrest,  they’ll  continue  to  expand 
their  offshore  staffs. 

Each  major  outsourcer  will  likely 
address  the  resulting  problems  differ¬ 
ently,  but  any  solution  is  likely  to  cre¬ 
ate  a  great  deal  of  internal  turmoil. 
Some  U.S.-based  outsourcing  units 
will  probably  spin  off  from  their  moth¬ 
er  companies,  deciding  they’re  better 
off  without  corporate  overhead  and 
corporate  angst.  The  boutique  firms 
they  create  will  provide  further  com¬ 
petition.  Meanwhile,  watch  the  big 
players  for  restructurings,  reorganiza¬ 
tions  and  fluctuating  stock  prices. 

Buyers  who  are  currently  using  or 
negotiating  with  the  traditional  out¬ 
sourcers  may  want  to  keep  contract 
lengths  reasonably  short  and  build  in 
flexible  pricing  terms.  This  will  allow 
buyers  to  take  advantage  of  future 
price  drops  as  competition  intensifies. 
0  42972 

WANT  OUR  OPINION? 

OFor  more  columns  and  links  to  our  archives,  go  to 

www.compyt8fworld.cofn/opinions 


Security  s  the  last  thing  on  this  Chief  Security  Officer's  mind.  That’s  because  it's  the  first  thing  on  ours. 
Armed  with  real-time  information  and  response  capabilities  from  VeriSign’s  Intelligence  and  Control  ‘  Services 
for  Network  Security,  he  can  now  take  the  initiative.  Play  offense,  rather  than  defense.  Focus  on  the  kinds  pi 
projects  that  will  keep  his  Fortune  500  publishing  company  competitive,  like  establishing  a  global  VPN.  Anil 
reducing  operating  costs.  Now  he  can  think  freely.  At  least  until  an  editor  calls,  wanting  to  stop  the  presses 
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The  Value  of  Trust 


To  learn  more  about  VeriSign’s  new  Intelligence  and  Control  Services  for  Network  Security,  visit  www.verisign.com 
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IT  Careers:  Projected  Hiring  Surge  Drives  Online  Learning 


While  no  one  expects  a  replay  of  the  hiring 
craze  of  1999  and  2000,  most  business 
leaders  are  forecasting  an  increase  in  hiring  for 
technology  workers  in  2004.  The  surge  will  demand  a 
cross  between  sophisticated  technical  skills  and 
business  intelligence,  according  to  staffing  and 
professional  development  leaders. 

There  are  two  very  different  needs  in  terms 
of  ongoing  learning.  The  first  is  business  knowledge 
and  expertise,  which  most  universities  are  poised 
to  provide.  Suzanne  Gordon,  vice  president 
of  information  technology  at  SAS  Institute, 
says  that  in  research  and  development 
and  consulting,  employees 
need  advanced  degrees 
in  computer  science, 
statistics  or  operations 
research.  There  also  is  a 
need  for  the  cross  section 
of  business  know-how  with 
technology  -  such  as  combining 
an  information  technology  or 
computer  science  degree  with  in- 
depth  knowledge  of  economics, 
financial  services  or  the  healthcare 
industry.  Again,  schools  and 
universities  are  best  poised  to  provide 
the  advanced  study  that  a  technical 
professional  needs  to  lead  development  and 
implementation  of  projects  that  respond  to  a 
specific  business  problem. 


The  second  area  of  study  focuses  on  technology, 
but  with  the  add-on  of  understanding  people.  "I 
would  tell  them  to  take  courses  and  focus  attention 
on  hardcore  computer  science,"  says  John  Vlastelica, 
director  of  recruiting  programs  for  Amazon.com. 
"We  tell  engineers  to  learn  to  view  technology  not  as 
an  end  in  itself,  but  as  a  means  to 
an  end,  which  in  our  case  is 
delighting  customers." 


Gordon  agrees,  saying  that  her  IT  employees  tend 
to  be  life-long  learners.  "We  hire  people  who  love  to 
learn  technology.  They  do  that  through  our  in-house 
training,  but  also  by  learning  on  their  own.  These  new 
technologies  aren't  usually  available  through 
universities." 

That's  where  online  resources  become  important 
Scores  of  companies  and  institutions  are  providing 
certification  for  a  wide  range  of  skills,  from  .Net  to 
Java  to  XML.  Hiring  and  management  leaders  also 
want  employees  to  gain  certifications  in  such  areas 
as  technology  management,  project  management 
and  security. 

"Education  is  just  one  piece,"  stresses  SAS's 
Gordon.  "Some  people  have  an  innate  ability  to 
manage  projects  and  people.  Others  need  to 
learn."  That's  why  she  includes  leadership  in  her 
list  of  learning  priorities  —  bringing  diverse 
people  together  to  discuss  a  common  situation 
or  business  problem,  understanding  the  situation 
from  a  variety  of  angles,  and  then  translating  this 
into  requirements  that  enable  users  and  highly 
technical  developers. 

For  more  information  about  IT  Careers  advertising, 

please  contact:  Nancy  Percival 

Vice  President,  Recruitment  Advertising 

800.762.2977 

500  Old  Connecticut  Path 

Framingham,  MA  01701 

Produced  by  Carole  R.  Hedden 


Programmer  Analyst.  Sought  by 
Englewood  Colorado  consulting 
company  to  work  in  various 
unanticipated  locations  through¬ 
out  the  U.S.  Duties:  Analyze, 
plan,  develop,  test  and  docu¬ 
ment  computer  programs  includ¬ 
ing  network  communication  pro¬ 
grams.  Evaluate  user  requests 
and  software  program  require¬ 
ments  for  new  and  modified  pro¬ 
grams.  Write  specifications, 
code,  test  and  debug  computer 
programs.  Customize  hardware 
and  software  to  client  needs. 
Use  of  Visual  Basic,  C++,  ASP, 
ActiveX,  HTML,  SQL  Server, 
VBScript  Developer  2000  and 
Windows  NT.  Reqs.  Bachelor  or 
equivalent  in  Computer  Science, 
Computer  Engineering,  Engi¬ 
neering  (any  field)  or  related 
field  of  study.  Plus  2  years  in  the 
job  offered  or  2  year  in  a  related 
occupation,  including  Senior 
Software  Engineer.  $75,000/ 
year,  40/hrs/wk,  8AM-5PM. 
Respond  by  resume  to 
EMPLOYMENT  PROGRAMS, 
PO  Box  46547,  Denver,  CO 
80202,  and  refer  to  Job  Order 
No.  CO5061381. 


SOFTWARE  ENGINEER 
(Alameda  County)  to  analyze, 
design  &  modify  computer  soft¬ 
ware  for  precision  laser  &  GPS 
manufacturer  selling  into  int'l 
civil  engrg  &  construction  indus¬ 
tries;  create  &  analyze  software 
for  use  in  connection  w/compa- 
ny's  survey,  machine  control  & 
laser  products,  utilizing  C++, 
Visual  C++,  &  CE  o/s  in 
Windows;  implement  user  inter¬ 
faces  in  Windows  desktop,  CE 
PDA's  &  Embedded  systems,  & 
design  user  Help  files  &  systems 
&  generate  user  &  product  man¬ 
uals,  utilizing  MS  Word,  Adobe 
PageMaker  or  FrameMaker;  35 
hrs/wk.  Must  have  Bach's  in 
Comp  Sci,  MIS  or  Electrical 
Engrg  &  1  yr  in  job.  Contact 
TPS,  Inc..  Attn:  C.  Goad,  5758 
W.  Las  Positas  Blvd, 
Pleasanton,  CA  94588  &  quote 
#12904. 


OH  IT  Consulting  Firm  seeks 
Project  Manager  for  the 
mgment/design/development/im 
plementation/upgrade/mainte- 
nance  of  mgmnt  systems 
(CMMS);  consult  w/dients  to 
determine  client  needs;  assist 
w/contract  negotiations  and 
prep  of  client  capital  investment 
approval  proposals;  oversee 
implementation  of  new  system, 
upgrade  of  maintenance  to 
ensure  the  CMMS  system  is 
installed/running  correctly.  Min 
exp.  Bachelor's  in  Mech  Engin 
or  equiv.  and  3  years  in  job/job 
related  exp.  including  working 
knowledge  of  MS  Project,  MS 
Business  Professional  swre,  at 
least  1  Aerospace  ERP  sware 
maintenance  pkg  (ie.  Avexus 
Impresa  or  Visaer)  and  previous 
consulting  exp.  Travel  req. 
Resumes  to  Boyle  International 
Corporation,  7007  E.  Sprague 
Rd.,  Independence,  OH  44131. 
No  calls.  EOE. 


Senior  Business  Analyst/ 
Programmer  Assist  health  orga¬ 
nizations  develop  the  steps  to 
comply  with  the  HIPAA,  assess 
the  current  environment,  provide 
recommendations  for  achieving 
HIPAA  compliance  within  the 
required  time  frames,  and  pro¬ 
vide  remediation  assistance  and 
training.  Provide  leadership  and 
direction  to  project  teams  and 
client  staff  regarding  HIPAA 
Privacy  and  Security.  -  2  yr 
experience  in  using  exchange, 
eGate,  elnsight  for  implementing 
EDI  transaction/Experience  in 
using  system  development  life 
cycle  methodology  approach/ 
Experience  with  mainframe  plat¬ 
form  (COBOL,  CICS,  ADABAS. 
NATURAL  VSAM,  DB2  and 
JCL).  Base  Salary  $65000. 
Send  application  and  resume 
to:  LB  Infosys.  1300  Edgewater 
Dr  #306. Pierre,  SD  57501. 


Analyst/Project  Programmer, 
Biomedical  Information 

Develops  appropriate  computer 
algorithms  for  data  mining  of 
advanced  biological  and  chemi¬ 
cal  research  data  for  the  purpos¬ 
es  of  developing  Bioinformatics 
and  statistical  data  output,  which 
will  be  used  for  various  human 
genetic  research  projects. 
Reads  and  interprets  research 
publications  using  basic  princi¬ 
ples  in  genetics,  molecular  biol¬ 
ogy  and  computational  biology. 
Uses  SAS,  S-Plus  or  SYSTAT  in 
conjunction  with  Bio-PERL, 
BLAST,  UNIX,  C++,  and  Fortran 
in  performance  of  duties. 
Requires  Master's  degree  or 
completion  of  coursework  for 
Master's  degree  in  Computer 
Science,  Computing,  or  Biology. 
Education  to  include  completion 
of  nine  credit  hours  in 
Bioinformatics.  Send  resume, 
no  calls  to:  Medical  College  of 
Wisconsin,  Attn:  Employment 
Office  -  JMC1208,  8701 

Watertown  Plank  Rd., 
Milwaukee,  Wl  53226,  Fax:  414- 
456-6502. 


Systems  Analyst:  Analyzes 

user  requirements,  procedures, 
and  problems  to  automate  pro¬ 
cessing  or  to  improve  existing 
computer  systems.  Must  be 
able  to  travel.  Bachelor's 
degree  in  computer  science, 
engineering,  or  math-related 
and  2  yrs.  experience  required 
in  job  offered.  Included  in,  and 
not  in  addition  to,  the  2  yrs. 
requirement,  2  yrs  experience  in 
JAVA  (JDBC,  BEANS,  RMI), 
COBRA,  JAVA  Script,  HTMS, 
ASP,  CGI  with  Periand  Oracle. 
40  hrs  per  week,  Mon-Fri,  9:00 
am  -  5:00  pm;  no  overtime. 

Apply  by  resume  only  to  Humar 
Resources  Coordinator,  Capri¬ 
corn  Systems,  Inc.  3569 
Habersham  at  Northlake,  Bui- 
ding  K,  Tucker,  GA  30084. 


Stanford  Technology  Partners 
Inc.  is  an  Information 
Technology  consulting  company 
with  its  clients  across  the  USA. 
We  seek  an  UNIX  Solaris 
System  Administrator.  Duties 
include  systems  administration 
for  global  e-business  retail 
exchange,  scalability  analysis 
and  capacity  planning,  expertise 
on  sun  clustering  with  a  strong 
focus  on  design  and  architec¬ 
ture,  assist  with  transition  to  co- 
location  environments,  establish 
and  maintain  close  working  rela¬ 
tionships  with  application  teams 
and  users  in  the  design,  devel¬ 
opment,  tuning,  and  problem 
resolution  of  systems,  communi¬ 
cate  effectively  in  meetings  and 
discussions,  maintain  software 
license  inventory  and  Perform 
emergency  problem  resolution. 
If  interested,  please  send 
resume  to:  Stanford  Technology 
Partners  lnc.289  Boston 
Turnpike  Suite  #6  Shrewsbury, 
MA  01545  e-mail: 
recruiter@stpincusa.com 


Seeking  qualified  applicants  for 
the  following  positions  in 
Orlando,  FL:  Senior  Prog¬ 
rammer  Analyst.  Devise  or 
modify  procedures  or  perform 
systems/applications  testing  to 
solve  complex  problems  consid¬ 
ering  computer  equipment 
capacity,  limitations,  operating 
time  and  form  of  desired  results. 
Requirements:  Bachelor's 

degree*  in  computer  science, 
MIS,  engineering  or  related  field 
plus  5  years  of  experience  in 
systems/applications  develop¬ 
ment  and/or  testing.  Exper¬ 
ience  with  Unix  and  SQL  also 
required.  "Master's  degree  in 
appropriate  field  will  offset  2 
years  of  general  experience. 
Submit  resumes  to  Sibi  George, 
FedEx  Corporate  Services, 
1900  Summit  Tower  Blvd.,  Suite 
1400,  Orlando,  FL  32810.  EOE 
M/F/DA/ 


www.itcareers.com 


is  the  place  where  your 
fellow  readers  are  getting 
a  jump  on  even  more  of 
the  world's  best  jobs. 

Now  combined  with 
CareerJournal.com, 
you  have  more  jobs 
to  choose  from. 

www.itcareers.com 
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it  careers.com 


IT  Careers 
Wants  You! 

Take  the  hassle  out  of 

job  searching  and 

check  us  out  at 

www.itcareers.com. 

Today,  more  than  ever, 
the  right  skills  fuel  the 
new  economy  and  IT 
Careers  wants  you  to  be 

there.  Check  us  out  at: 

www.itcareers.com 


Software  Engineer  (2  positions) 
-  Research,  design  and  develop 
computer  software  systems  in 
conjunction  with  hardware  prod¬ 
uct  development  applying  princi¬ 
ples  and  techniques  of  computer 
science,  engineering  and  math¬ 
ematical  analysis.  Requires  a 
Master  in  Computer  Science, 
Info  Systems,  Engineering  or 
Mathematics.  Requires  1-yr  exp 
in  job  offered  or  1-yr  exp  as 
Programmer  Analyst,  Systems 
Analyst  or  Systems  Engineer. 
Must  have  1-yr  exp  using  Active 
Server  Pages  and  JavaScript. 
Various  unanticipated  locations 
throughout  the  US.  5  day,  40 
hr/wk,  $7 1 ,393/yr.  Please  mail 
resumes  to  Workforce  Develop¬ 
ment  Programs,  PO  Box  46547, 
Denver,  CO  80202  and  refer  to 
order  number  C05062104. 


You  can 
find  a 
better 

JOB 

with  one 
hand  tied 
behind 
your  back. 


Just  point  your 

mouse  to  the 

world’s  best 

IT  careers  site, 

powered  by 

CareerJoumal.com 

Find  out 
more  at: 
itcareers.com 
or  call  (800) 
762-2977 


Software  Co.  SI,  NY  Seeks 
Project  Leader,  Sr  &  Jr 
Programmers  w/following  skills 
for  their  medical  div;  VB  x/. net, 

embedded  VB  3.0,  SQL  Server 

7/00,  Oracle  x,  PL/SQL, ASP, 
Java,  C++,  IIS,  Unix/Windows  x 
&  CE;  Reqd  Healthcare  ind. 
knowledge,  BS  in  CS/Engg/Bus. 
Adm  w/5  yrs  exp,  for  sr  level  &  3 
yrs  exp  for  jr.  prgmrs  in  job  offd. 

Send  resumes  to  HR.  Infinite 

Software  Solutions,  Inc.,  303 

Bradley  Avenue,  SI,  NY  10314. 

Computers-Seeking  qualified 
candidates  for  senior  and  mid¬ 
level  IT  professional  positions 
including:  Programmer  Analysts. 
Database  Administrators, 

Software  Engineers,  IT/Software 
Consultants,  Systems  Analysts. 
Qualified  candidates  must  pos¬ 
sess  MS/BS  or  equiv.  and/or  rel. 
work  exp.  Some  positions 
require  1  yr.  or  more  SAP  exp. 
Duties  include:  Work  with  3  of 
the  following:  SAP,  ABAP,  XML, 
Siebel,  Oracle,  C++.  Fwd. 
resume  &  references  to: 
Halcyon  Solution,  Inc.,  Attn:  HR, 
950  Taylor  Station  Rd.,  #D, 
Columbus,  OH  43230. 

Network  Administrators  needed. 

Seeking  qual.  candidates  pos¬ 
sessing  BS  or  equiv.  and/or  rel. 

work  exp.  Cisco  Cert.  Design 

Assoc.  &  Cert.  Novell  Engg. 

certs,  req'd,  or  in  the  alt.,  exp. 

must  include  1  yr,  working 

w/Cisco  &  Novell  NetWare.  Fwd. 

resume  &  ref.  to:  Attn:  IT 

Manager,  Associated  Students, 

SJSU,  1  Washington  Sq.,  AS 

House,  San  Jose  State  Univ., 

San  Jose,  CA  95192-0128 

Programmer  Analyst  (2  posi¬ 
tions)  -  Design  and  development 
of  Electronic  Data  Capture 
Systems  utilizing  Formware, 
Infolmage  and  IFPS.  Requires 
Bachelor  in  Computer  Science, 
Engineering  or  Mathematics. 
Requires  2  yrs  exp  in  job  offered 
or  2  yrs  exp  as  Software 
Engineer,  Systems  Analyst  or 
Systems  Engineer.  Must  have  1 
yr  exp  in  document  imaging 
using  Infolmage  and  6  months 
exp  in  Formware  and  IFPS. 
Various  locations  throughout  the 
US.  5  day,  40  hr/wk,  $75,150/yr. 
Please  mail  resumes  to 
Workforce  Development 

Programs,  PO  Box  46547, 
Denver,  CO  80202  and  refer  to 
order  number  CO5062126. 

Computer  Professionals  (pro¬ 
grammer,  system  analyst,  soft¬ 
ware  or  project  engineers)  want¬ 
ed  by  Bralak  Technologies. 
Candidates  must  have  at  least 
BS/MS  degree.  IT  experience  in 
C/C++,  Oracle,  SQL,  VB  Java, 
Web  Technology  is  a  plus. 
Please  send  resumes  to 
recruiter@bralak.  EOE 

Infogen  is  seeking  IT  profession¬ 
als.  Req.  BS.  Skills  in  following 
area  are  plus:  Oracle9i, 
Weblogic  /  WebSphere,  C++, 
Visual  C++,  VB,  COM,  STL, 
MTS,  MSMQ,  ASP,  Java,  HTML. 
XML,  MTS,  MSMQ,  ADO.  UML. 
Travel  is  required.  Send  resume 
to  infojobs@infogeninc.com. 
EOE. 

CDI,  one  of  the  largest  staffing 
companies,  has  multiple 
IT/Engineer  positions.  We 
require  BS/MS  or  equivalent 
with  exp.  in  the  related  fields. 
Good  reference  also  required. 
We  offer  competitive  salary  with 
full  benefit  package.  Please  visit 
www.cdicorp.com  to  find  posi¬ 
tions. 

System/Programmer  Analysts, 
Software/Project  Engineers  or 
other  IT  professionals  wanted  by 
Imetris,  an  e-business  solutions 
provider  MS/BS  required.  Skills 
in  Oracle,  SQL,  Java,  SAP, 
PeopleSoft,  ERP  tools  pre¬ 
ferred.  Competitive  wages. 
Please  contact 
info@imetris.com.  EOE. 

Internet  company  seeks 

PhD  Research  Engineers 

responsible  for  innovative 

research.  Interested  appli¬ 
cants  should  send  resumes 

to:  K  Wolfe;  1501  Salado; 

Mt.  View,  CA  94043.  Visit 

www.google.com  for  addi¬ 
tional  information. 

Computers 

Integrated  Dealer  Systems  (St. 
Petersburg,  FL)  is  seeking  a 
DBA/Technical  Trainer  to 
design/maintain  the  company’s 
SQL  Server  and  train  commer¬ 
cial  customers  on  an  EDI  pack¬ 
age.  Must  have  experience  with 
RDBMS,  MSAccess/SQL/  Uni- 
Verse,  DataStage  and  providing 
technical  training.  B.S.  in 
CS/MIS  or  equiv.  +  1  yr.  experi¬ 
ence  as  DBA/Technical  Trainer. 
Apply  online  at  www  bmnswick.com, 
Careers  (search  City  "St. 
Petersburg").  Any  questions  to 
HR@IDS-Astra.com.  Only  can¬ 
didates  under  consideration  will 
be  contacted.  No  calls.  EOE 

Looking  for  a  new  career? 


The  new  itcareers.com 
and  CareersJournal.com 
combined  jobs  database 
can  help  you  find  one. 

Check  us  out  at: 
www.itcareers.com 
or  call:  (800)  762-2977 


R  Systems,  Inc.  is  a  global  infor¬ 
mation  technology  services 
company  and  it  has  multiple  Job 
openings  for  the  following  posi¬ 
tions  at  its  corporate  office  in 
Sacramento  as  well  as  Project 
sites  throughout  the 
United  States: 

•  Applications  Programmer 

•  Database  Analyst 

•  Software  Engineers 

•  Systems  Analyst 

•  Network  Analyst 

•  IT  Project  Managers 

•  Business  Analyst 

•  Sales  Engineer 

•  Programmer  Analyst 

•  Sales  Manager 

•  Database  Administrators 

•  Market  Research  Analyst 

Minimum  requirement:  Bach¬ 
elor's  degree  or  equivalent  and 
one  year  experience  in  the  job 
offered.  All  positions  may  involve 
relocation  to  project  sites. 

Submit  detailed  resume  and 
position  applied  for  to: 

Attn:  Venkatesh  Sundararajan 
5000  Windplay  Drive  Suite  5 
El  Dorado  Hills.  CA  95762 


SR.  PROGRAMMER  ANALYST 
to  design,  develop,  test  and 
implement  sftw.  products  & 
apps.  Develop  integration  Web 
services  &  Intranet  projects,  e- 
business  Reports,  database 
design  &  GUI  screens  using 
ASP.NET,  VB.NET,  C#,  SOAP, 
WSDL,  DHTML,  HTML,  VB, 
ASP,  Visual  Source  Safe,  Visual 
Interdev,  Visual  Studio. Net, 
XML,  Oracle,  Crystal  Reports, 
Actuate  Reports,  IIS  &  SQL 
Server.  Perform  unit  &  basic 
acceptance  tests.  Bachelor’s 
degree/equivalent  in  any  Engg. 
dlsc./computer  science/related 
field  &  5  years  of  experience  as 
IT  professional  required.  Must 
have  at  least  1  year  of  course- 
work  in  computer  science  if 
degree  not  in  comp,  related  field 
&  at  least  1  yr  exp.  in  all  above 
technologies,  skills  &  tools.  Will 
accept  Master’s  w/2  yrs  exp.  in 
lieu  of  Bachelor's  w/5  yrs  exp. 
Apply  to:Palayekar  Co  Inc  1959 
E  Third  Street,  Williamsport  PA 
17701 


MSYS,  Inc.  is  an  information 
technology  consultancy  built  to 
deliver  high-value  business 
solutions  for  our  clients.  We  are 
looking  for  the  following  position. 
Systems  Analysts:  Design,  ana¬ 
lyze  and  develop  computer  and 
business  applications  of  existing 
and  proposed  systems.  Know¬ 
ledge  in  VB.  ASP.  JavaScript. 
SQLServer2000,  NET  Tech¬ 
nology,  Web  Design  and 
Development,  E-Commerce 
Services,  XML,  COM,  Crystal 
reports,  with  back  end  databas¬ 
es  like  SQL  Server  and  Oracle. 
Design  client-server  distributed 
Internet  based  projects,  includ¬ 
ing  e-Commerce  applications. 
Need  Bachelor's  degree  in 
Computer  Science,  Engineering, 
or  related,  and  2  years  of  expe¬ 
rience.  Send  resume  to:  Human 
Resources,  MSYS,  Inc.,  104 
Iowa  Ln.,  Suite  201,  Cary,  NC 
27511.  E-mail: 
info@msysinc.com 


Application  Specialist/Unix  Adm¬ 
inistrator  wanted  by  shipping 
and  container  co.  in  Tampa,  FL. 
Must  have  a  Bachelor's  degree 
in  Comp,  Sci„  Eng.  or  related 
field,  plus  3  yrs.  exp.  with 
Microsoft  technologies;  2  yrs. 
exp.  in  the  Shipping  Industry;  2 
yrs.,  exp.  in  implementation  of 
Web  based  (WWW)  application 
architecture  and  1  yr.  exp.  with 
Unix  base  middleware  applica¬ 
tion  such  as  LDAP  and 
Application  Servers.  In  lieu  of  a 
Bachelor's  degree,  we  will 
accept  an  additional  2  yrs  of  rel¬ 
evant  exp.  Refer  to  Job#JL20O3, 
Lykes  Lines  Limited,  LLC  (CP 
Ships),  401  East  Jackson  St, 
Suite  3300,  Tampa,  Florida 
33602. 
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ENGINEERING 

Software  Engineers  in  Uncroft, 
NJ  to  design,  develop,  code,  test 
and  implement  web  applications 
for  providing  authorization, 
authentication,  delegated  admin 
istration  and  secure  seamless 
connection  for  secure  services 
platform  applications  using 
J2EE  and  related  Java  technolo¬ 
gies  (JDBC,  JNDI  &  JMS), 
TCP/IP  and  windows  socket  net¬ 
working  technologies  and  com¬ 
ponent  development  tools  such 
as  COM,  COM+  and  Java 
Beans  in  Solaris  and  Linux  envi¬ 
ronments;  test  web  applications 
using  Visual  Cafe  skills  and 
deploy  them  on  WebLogic 
Application  Server  8.1  using 
J2EE  technologies;  Java  and 
C/C++  programming  languages 
to  develop  data  communication 
and  modem  emulation  software 
operating  in  Linux  environments; 
develop  MS  Outlook  calendaring 
systems  using  CDO  skills.  BS  in 
Comp.  Sc.  or  Eng.  5  yr.  post 
graduate  progressively  respon¬ 
sible  work  exp.  as  Software  Eng. 
For  prompt  consideration, 
please  submit  your  resume/CV 
with  the  following  codes  includ¬ 
ed;  AD-COMPUTER/1 2295BR, 
Avaya  Inc.  P.O.  Box  549248, 
Suite  188,  Waltham,  MA,  02454- 
9248.  EOE. 


ENGINEERING 

Software  Engineers  in  Lincroft, 
NJ  to  design,  develop,  code,  test 
and  implement  web  applications 
for  providing  authorization, 
authentication,  delegated  adm¬ 
inistration  and  secure  seamless 
connection  for  secure  services 
platform  applications  using 
J2EE  and  related  Java  technolo¬ 
gies  (JDBC,  JNDI  &  JMS), 
TCP/IP  and  windows  socket  net¬ 
working  technologies  and  com¬ 
ponent  development  tools  such 
as  COM,  COM+  and  Java 
Beans  in  Solaris  and  Linux  envi¬ 
ronments;  test  web  applications 
using  Visual  Cafe  skills  and 
deploy  them  on  WebLogic 
Application  Server  8.1  using 
J2EE  technologies;  Java  and 
C/C++  programming  languages 
to  develop  data  communication 
and  modem  emulation  software 
operating  in  Linux  environments; 
develop  MS  Outlook  calendaring 
systems  using  CDO  skills.  BS  in 
Comp.  Sc.  or  Eng.  5  yr.  post 
graduate  progressively  respon¬ 
sible  work  exp.  as  Software  Eng. 
For  prompt  consideration, 
please  submit  your  resume/CV 
with  the  following  codes  includ¬ 
ed;  AD-COMPUTER/1 2295BR, 
Avaya  Inc.  P.O.  Box  549248, 
Suite  188.  Waltham,  MA,  02454- 
9248.  EOE. 


Computer  Programmer  needed 
for  IT  Development  and 
Consulting  Firm  located  in 
Cedar  Rapids,  IA.  Job  duties 
include:  Work  as  part  of  a  team 
under  the  close  supervision  of 
senior  team  members,  team 
leader  and/or  project  leader, 
assists  in  the  development, 
installation  and  maintenance  of 
large  computer  software  appli¬ 
cations  using:  SAP,  JAVA, 
HTML,  Weblogic.  Applicant  must 
have  a  Bachelors  Degree  in 
Computer  Science,  Mathe¬ 
matics  or  Engineering  or  foreign 
equivalency.  Applicant  must 
have  2  yrs  exp.  in  SAP,  JAVA, 
HTML,  Weblogic.  Mon-Fri,  9:00 
am  to  5:00  pm,  $60,000.00/yr. 
Must  have  proof  of  legal  author¬ 
ity  to  work  in  the  US.  Send 
resume  and  cover  letter  to:  Iowa 
Workforce  Center,  800  7th  St. 
SE,  Cedar  Rapids,  IA  52406. 
Please  refer  to  Job  Order 
IA1101820.  Employer  paid 
advertisement. 


Information  Technology 

Systems 

Engineer 

Meredith  Corporation  seeks  an 
experienced  systems  engineer 
to  develop  and  support  the  inter¬ 
active  technology  architecture, 
standards,  and  directions. 
Qualified  candidate  will  have  a 
minimum  of  2  years  internet 
technology  and  architecture 
experience  with  a  familiarity  in 
Java-based  technologies,  UML, 
XML,  Java,  EJB  and  relational 
databases.  ATG  Dynamo  a 
plus. 

Location:  Des  Moines,  Iowa 

Visit  www.meredith.com  for 
more  information  on  this  exciting 
opportunity. 

Send  cover  letter  and  resume  to: 
N.  Rogers,  Meredith  Corp¬ 
oration,  Staffing  Services/Dept. 
386,  1716  Locust  St.,  Des 
Moines,  IA  50309-3023.  Fax: 
(515)284-2958.  EOE 

^/Meredith 

■  CORPORATION 


COMPUTER 

Network  Systems  Administrators 
in  Lincroft,  New  Jersey  to  plan, 
design,  configure,  install  and 
troubleshoot  LAN/WAN  as  well 
as  CRM  and  Siebel  2000,  7.0, 
and  7.5  e-business  applications 
operating  in  Windows,  AIX  5.x, 
Sun  Solaris,  UNIX  and  LINUX 
R&D  lab  environment;  install, 
integrate  and  administer  MS 
SQL,  Oracle  and  DB2  databas¬ 
es  operating  in  multiple  environ¬ 
ments;  configure,  install,  admin¬ 
ister  and  troubleshoot  MTS, 
MSMQ,  MS  Exchange,  MS 
Terminal,  IIS  and  Apache  web 
servers;  administer  and  trou¬ 
bleshoot  Rational  ClearCase, 
Visual  SourceSafe  and  related 
source  control  applications;  and 
implement  back-up  strategies 
using  Veritas,  Microsoft  and 
Acrserv  tools.  MS  in  Comp. 
Science  or  Electrical  Engin¬ 
eering.  3  yrs.  exp.  as  Network/ 
Systems  Administrator  or 
Systems  Engineer.  Willing  to 
accept  foreign  educational 
degree.  Willing  to  accept  BS  in 
Engineering  plus  5  yrs  of  post 
graduate  progressively  respon¬ 
sible  work  experience.  For 
prompt  consideration,  please 
submit  your  resume/CV  with  the 
following  codes  included:  AD- 
COMPUTER/12341  BR,  Avaya 
Inc.  P.O.  Box  549248,  Suite  188, 
Waltham,  MA,  02454-9248. 
EOE 


SENIOR  SOFTWARE  ENGI¬ 
NEER  to  lead  a  team  in  the 
design,  development,  testing 
and  implementation  of  applica¬ 
tion  software  using  Oracle 
Applications  (Financials,  Pro¬ 
jects,  Internet  Procurement, 
HRMS),  Oracle  Designer, 
Oracle  Discoverer,  ADI,  PL/SQL, 
SQL  Loader,  Data  Loader,  SQL 
Navigator/Toad,  PERL,  and 
Shell  Scripts  on  UNIX  and 
Windows  2000/NT  operating 
systems;  Supervise  and  men¬ 
tor  junior  programmers  and 
engineers.  Require:  Bachelor's 
degree  in  Computer  Science,  an 
Engineering  discipline,  or  a 
closely  related  field  with  five 
years  of  progressively  responsi¬ 
ble  experience  in  the  job  offered 
or  as  a  Software  Consultant  / 
Programmer  Analyst.  Exten¬ 
sive  travel  on  assignment  to  var¬ 
ious  client  sites  within  the  U.S.  is 
required.  Competitive  Salary 
Offered.  Send  resume  to:  Fred 
Thomas,  President,  Elite 
Information  Systems,  Inc.,  2021 
Art  Museum  Drive.  Suite  110, 
Jacksonville,  FL  32207;  Attn: 
Job  NY. 


Knowledge  Mgmt  Proj  Consultant 
-  Partner  w/customers  to  investi¬ 
gate  &  analyze  info,  knwldg  &  col¬ 
laboration  reqts  to  improve  ability 
to  leverage  info  &  knwldg  to  inter¬ 
nal  &  external  orgs.  Determine  & 
scope  alternative  solutions  & 
related  benefits  to  meet  needs. 
Req.  MBA  &  5  yrs  exp  in  job 
offered  or  5  yrs  exp  consulting  in 
knwldg  mgmt.  Bkgd  in  educ, 
train'g  or  exp  must  ind  proj  mgmt 
methodology,  sales  &  mktg  exp  in 
electronic  publishing  or  info  solu¬ 
tions;  competitive  intelligence; 
exp  managing  or  dev'g  info, 
knwldg,  collaborative  &  e-learn- 
ing  solutions.  Specific  exp  should 
incl  external  consulting  to  variety 
of  clients  &  dev'g/delivery  of  inno¬ 
vative  solutions  for  info  &  knwldg 
mgmt  incl  acquisition  of  external 
content.  Solutions  should  include 
web-based  intranets  or  portals, 
search  engines,  content  sourc¬ 
ing;  collaborative,  expertise  &  e- 
learning  tech.  Must  have  ability  to 
comm  &  negotiate  at  all  levels 
both  internal  &  external  to  org 
(e.g.  vendors);  40  hrs/wk;  salary 
commens  w/exp.  Resumes  to  IT 
Careers,  500  Old  Conn  Path, 
Framingham,  MA  01701,  Box  # 
4868 


Senior  Programmer/Analyst: 
Analyzes,  tests,  modifies,  and 
maintains  customized  computer 
applications  in  multiple  operat¬ 
ing  system  client/server  environ¬ 
ment  according  to  user  require¬ 
ments  and  procedures  using 
Java/J2EE,  XML,  C/C++, 
Oracle,  BC4J,  Weblogic  and 
WebSphere.  Formulates  pro¬ 
gram  and  system  design  proce¬ 
dures,  test  plans,  and  program 
development  specifications. 
Prepares  technical  documenta¬ 
tion.  May  serve  as  team  leader. 
Must  have  BS  or  equivalent  in 
CS/CA/Math/Engineering  or 
related.  Must  have  2  yrs  exp.  in 
job  offered  or  in  software  devel¬ 
opment  with  C++,  J2EE, 
Weblogic  &  WebSphere.  Will 
accept  a  foreign  degree  evaluat¬ 
ed  by  a  recognized  authority  as 
equivalent  to  a  bachelor's 
degree.  Must  be  willing  to  be 
assigned  to  unanticipated  client 
sites  throughout  the  State  of 
Maine.  Salary:  $82,000/  yr.  Hrs: 
8:00am-5:00pm,  40/wk.  Please 
send  2  copies  of  resume  to: 
Bureau  of  Labor  Standards,  45 
State  House  Station,  Augusta, 
Maine,  04333-0045  Please  refer 
to  Job  Order  #42750  for 
Programmer/  Analyst. 


We  seek  exp'd  IT  professionals 
with  min.  2  yrs.  exp.  using 
HP9000,  Peoplesoft  8.4  Tools, 
PS  Internet  Architecture,  Super 
C,  SQA  Suite,  Object  Security, 
SQR,  etc.  B.S  C/S  or  Eng'g  or 
Elect  &  Comm.  reqd.  Send 
resume  only  to  Paramount 
Software  Solutions,  Inc.,  3350 
Riverwood  Pkwy.,  Ste  1900, 
Atlanta,  GA  30339. 


N-Gen  Communications  Serv¬ 
ices,  Inc  seeks  the  services  of  IT 
professionals  with  min.  2  yrs. 
exp.  using  at  least  the  following 
skills:  OOAD  using  UML 
Modeling,  Rational  Tools,  J2EE 
Tech.,  Service  -  Oriented 
Architecture  and  Web  Services 
Technologies,  etc.  Candidates 
must  have  B.S.  or  M.S.  in  C/S  or 
Eng’g.  Please  send  resumes  to 
P.O.  Box  78856,  Charlotte,  NC 
28271. 


Medical  Imaging  Software 
Engineer  -  Must  have  M.S.  in 
Computer  Science  or  Bio¬ 
medical  Engineering.  To  partici¬ 
pate  in  the  research  and  devel¬ 
opment  work  of  the  company's 
new  3D  image  display  product: 
Computed  Tomography  Laser 
Breast  Imaging  System  (CTLM). 
Will  be  responsible  for  creating 
an  interface  software  which  will 
integrate  functions  of  scanner 
control,  signal  acquisition,  image 
reconstruction,  and  patient  data¬ 
base.  Will  have  the  additional 
responsibility  of  ensuring  that  all 
products  are  DICOM  compati¬ 
ble,  developing  software  for  the 
Company's  medical  device 
product,  developing  utility  pro¬ 
grams  and  tools  to  support  other 
software  engineers,  and  devel¬ 
oping  documentation  as  per  the 
Company's  software  develop¬ 
ment  methodology.  Must  be 
familiar  with  C++,  API  and  SQL. 
Must  have  1  year  of  image  pro¬ 
cessing  experience  or  gaming 
experience  in  the  medical  indus¬ 
try.  Qualified  candidates  must 
send  resumes  to  Imaging 
Diagnostic  Systems,  Inc,  Trishia 
Firth,  H.R.  Manager.  6531  NW 
18th  Court,  Plantation,  FL, 
33313. 


Programmer/Analyst  needed  for 
Software  Development,  Serv¬ 
ices  &  BPO  firm  located  in 
Burlington,  VT.  Job  duties 
include:  Analyze,  design,  devel¬ 
op,  code,  implement  and  test 
computer  software  applica¬ 
tions/systems  for  clients  located 
throughout  the  U.S.  using 
Unified  Modeling  Language 
(UML)  through  Rational  Rose. 
Toad/SQL+  and  Oracle  in  a 
Windows  environment.  Appli¬ 
cant  must  have  B.S.  degree  in 
Computer  Science,  Business, 
Mathematics  or  Engineering. 
Applicant  must  also  have  2  yrs. 
exp.  in  the  job  duties  described 
above  or  in  any  computer  relat¬ 
ed  occupation  which  includes 
the  skills  listed  above.  40hrs/ 
wk,  9:00am  -  5:00pm,  M-F, 
$60,000/yr.  Send  resumes  to: 
Job  No.  607940,  P.O.  Box  488, 
Montpelier,  VT  05601-0488. 


PROGRAMMER/ANALYST  (2 
positions)  to  analyze,  design, 
develop,  implement  and  test 
application  software  using 
Oracle,  Developer  2000,  Visual 
Basic,  SQL,  PL/SQL,  SQR,  C, 
C++,  Perl,  CGI,  Shell  Scripting, 
Java,  JSP,  Servlets  and  EJB  on 
UNIX  and  Windows  platforms; 
Require:  B.S.  degree  in 
Computer  Science,  an  Engin¬ 
eering  discipline,  or  a  closely 
related  field  with  two  years  of 
experience  in  the  job  offered  or 
as  a  Programmer.  Extensive 
travel  on  assignments  to  various 
client  sites  within  the  U.S.  is 
required.  Competitive  salary 
offered.  Apply  by  resume  to: 
Sudhakara  Ravoori,  Sai 
Technical  Services,  !nc„  626 
Wendover  Drive,  Ridgeland,  MS 
39157;  Attn:  Job  SA. 


Support  Engineer  (Boston). 
Requirements:  Bachelors 

degree  +  2yrs  exp  in  OS  sup¬ 
port,  productivity  apps,  TCP/IP, 
networking  &  printing.  Duties: 
Administer  WINNT  svrs  &  work¬ 
stations  (LAN/WAN)  using  SMS 
management  tools.  Develop  & 
maintain  automation  scripts  in 
Batsh  &  Visual  Basic;  MS 
Access  databases  for  client  sup¬ 
port;  Intranet-based  knowledge 
bases  in  HTML  &  Java.  Assist  w. 
developing,  deploying,  user 
training  &  troubleshooting. 
Report  on  network  status  &  user 
satisfaction.  Relocation  within 
USA  possible.  Attractive  comp 
pkg.  Resumes  to  Susan 
Labandibar,  Computer  Ware¬ 
house  Associates,  574 
Dorchester  Ave.,  S.  Boston,  MA 
02127. 


IT  Careers 

COMSYS  is  an  established  IT 
consulting  firm  that  serves  lead¬ 
ing  corporations  including  174  of 
the  Fortune  500.  With  COM¬ 
SYS,  you  get:  Extensive 
Benefits,  Additional  Compen¬ 
sation  for  referrals,  and 
Professional  Challenges  with 
training  and  assignments  to 
keep  you  at  the  forefront  of  tech¬ 
nology.  With  30  offices,  we  need 
the  services  of  experienced  con¬ 
sultants  across  the  US: 

•  Computer  Programmers 

•  Programmer  Analysts 

•  Systems  Analyst 

•  Software  Engineers 

•  User  Support  Specialists 

•  DBA's 

•  Business  Analysts 

•  Project  Leaders 

Submit  resume  to: 

COMSYS 
3030  LBJ  Freeway 
Suite  905 
Dallas,  TX  75234 
www.comsys.com 
Fax:  972-960-0914 
EOE/M/F/DV 


Systems  Analyst  needed  for 
Software  Development,  Serv¬ 
ices  &  BPO  firm  located  in 
Burlington,  VT.  Job  duties 
include:  Analyze,  design,  devel¬ 
op,  code,  implement  and  test 
computer  software  applica¬ 
tions/systems  for  clients  located 
throughout  the  east  coast.  Will 
use  JAM  (JYACC  APPLICA¬ 
TION  MANAGER).  JAVA  C, 
POWERBUILDER.  SYBASE, 
and  SYBASE  REPLICATION 
SERVER  on  both  Windows  and 
UNIX  platforms.  Applicant  must 
have  B.S.  degree  in  Computer 
Science,  Business,  Mathematics 
or  Engineering.  Applicant  must 
also  have  2  yrs.  exp.  in  the  job 
duties  described  above  or  in  any 
computer  related  occupation 
which  includes  skills  listed 
above.  40hrs/wk,  9:00am- 
5:00pm,  Mon-Fri,  $65,000/yr. 
Send  resumes  to:  Job  No. 
607992,  P.O.  Box  488, 
Montpelier,  VT  05601-0488. 


We  have  various  openings  for 
Programmer  Analysts  posi¬ 
tions:  Develop  web  based  appli¬ 
cations  using  IDE,  tools  used: 
SQL  &  PL/SQL  or  Development 
of  applications  in  Clearcase, 
tools  used:  Java,  C++,  Perl, 
CVS  or  Programming  using 
Oracle  database,  tools  used: 
Oracle  Warehouse  Builder, 
Informatica  Min  Edu-BS  in 
Comp.Sc./Engg  or  equi,  Min 
Exp-2  yrs.  Software  Engineers- 
Design,  develop  and  implement 
software  systems,  tools  used:  C, 
C++,  Assembly,  Java.  Min  Exp  6 
yrs.  Financial  Analysts- 
Analyze  using  Oracle  Database, 
tools  used:  Oracle  Warehouse 
Builder,  Informatica  Min  Edu-BS 
in  Finance  or  equi,  Min  Exp-2 
yrs.  Job  may  involve  working  at 
various  locations  throughout  the 
US.  Please  send  resumes  to 
Attn:  HR,  Tekessence  Inc  .  1001 
Office  Park  Road,  Suite  #107 
West  Des  Moines,  IOWA  50265 


We  know  you're  in  demand.  So  demand 
the  best  environment  for  your  growth: 
IT  consulting  with  an  international 
leader.  We're  everywhere  business  and 
industry  are,  with  offices  all  over  the 
country.  So  you've  always  got  a  new  set 
of  challenges,  with  total  support.  We're 
currently  recruiting  the  following  pro¬ 
fessionals,  including  Programmers, 
Analyst/Programmers;  Dalabase 
Analysts;  Application  Development 
Specialists;  Software  Engineers; 
Quality  Assurance  Analyst;  Network 
Administrators;  Operations  Specialists; 
and  Information  Systems  Coordinators. 

To  apply  for  positions  in  any  of  our  dis¬ 
trict  olfices.  please  visit  our  website  at 


www.ajilon.com 


AJILON  CONSULTING 

An  Equal  Opportunity  Employer 


Business  Objects  has  an  open¬ 
ing  for  the  position  of  Sr. 
Consultant  to  be  based  out  of 
our  Atlanta,  GA  office.  The  posi¬ 
tion  requires  a  Bachelor's  or  for¬ 
eign  degree  equivalent  in 
Computer  Science,  Mechanical 
Engineering,  or  related,  plus 
seven  (7)  years'  experience  as  a 
Software  Analyst  in  Systems/ 
Database  Administration  or 
related.  Experience  must 
include:  1.  Business  Objects, 
including  Foundation  Architect 
and  Administrator  2.  Unix 
Administration,  and  3.  Business 
Objects  Weblntelligence  Archi¬ 
tect  and  Administrator.  To  apply 
for  a  position,  visit  our  website  at 
www.businessobjects.com/caneers 
or  forward  your  resume  (ref 
CW1203)  to:  Business  Objects 
Americas,  Attn:  Staffing,  3030 
Orchard  Pkwy,  San  Jose,  CA 
95134.  EOE 


Database  Administrator, 
Rutland,  VT  &  various  unantici¬ 
pated  client  locations:  Admin¬ 
ister  &  coordinate  custom 
Oracle  database  on  RAC;  Data 
replication,  Data  Mining,  monitor 
&  tune  performance  in  internal 
&  external  database  in  Oracle  & 
Unix  environment.  Physical  & 
logical  database  design.  Deter¬ 
mine  impact  of  database 
changes  on  network  &  refine 
changes  in  whole  cycle  project 
to  implement  security  measures 
&  transformation  using  JBoss. 
LDAP,  XML,  XSLT  &  Warehouse 
Builder.  Req.  Bachelor’s  in 
Computer  science  or  Engin¬ 
eering  or  Maths  or  MIS+2  yrs 
exp  in  job  offered.  Sal. 
$54,000/yr  -  40  hrs/wk,  Send 
resume  to:  Attn:  Job  No. 
607997,  P.O.  Box  488, 
Montpelier,  VT  05601-0488. 


We  seek  exp'd  IT  professionals 
&  Functional  Business  Cons¬ 
ultants  /  Analysts  with  min.  2  yrs. 
exp.  in  business  modeling,  inter¬ 
active  applications,  etc.  using 
Aviant  4GL,  Cognos  utilities, 
Informatica  4.7,  Business 
Objects  Tech.,  OWB,  Oracle 
8i/9i,  etc.  B.S  C/S,  Bus.  Admin, 
or  MIS  or  Economics  reqd.  Send 
resumes  only  to  Paramount 
Software  Solutions,  Inc.,  3350 
Riverwood  Pkwy.,  Ste  1900, 
Atlanta,  GA  30339. 


Senior  Web  Support  Prog¬ 
rammer  for  International 
Company  in  Boston  Metro¬ 
politan  area.  Skill  requirements 
to  include;  Java,  Javascript  and 
JSP  programming  languages 
and  two  years  of  experience 
with  the  Windows  NT  and  /  or 
Sun  Solaris  operating  systems. 
Experience  in  hotel  industry  pre¬ 
ferred.  Forward  resumes  to 
Starwood  Hotels  &  Resorts 
Worldwide,  Inc.,  Department  of 
Human  Resources,  1515 
Washington  Street,  Braintree, 
Massachusetts  02148  or  by  fax 
to  (781)  380  0427 


Want  a  new 
IT  career? 


Check  out  our  jobs 
in  the  combined 
CareerJournal.com 
database. 


vvvv  vv.itca  reers.com 
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Microsoft  Loosens  Policy 
On  Intellectual  Property 


Says  anything  in  its 
portfolio  could  be 
available  for  licensing 

BY  STACY  COWLEY 

ICROSOFT  CORP. 
last  week  un¬ 
veiled  a  new  tech¬ 
nology-licensing 
policy  that  it  said  signals  its 
commitment  to  working  with 
other  vendors  on  intellectual 
property  swaps  and  is  intend¬ 
ed  to  drive  interoperability 
and  innovation. 

Microsoft  will  create  licens¬ 
ing  programs  to  offer  access  to 
a  broad  range  of  its  intellectu¬ 
al  property,  including  copy¬ 
rights,  trademarks,  file  for¬ 
mats  and  schema,  software 
technology,  and  Microsoft- 
developed  standards  specifi¬ 
cations.  The  company  also  in¬ 
troduced  programs  offering 
technology  and  patent  licens¬ 
es  for  its  Clear  Type  technolo¬ 
gy  for  improving  the  readabili¬ 
ty  of  text  on  LCDs,  and  for  its 
FAT  (File  Allocation  Table) 
file-system  storage  format. 

Some  of  the  licensing  pro¬ 
grams  will  be  royalty-free,  like 
the  Office  XML  schemas  Mi¬ 
crosoft  began  offering  develop¬ 
ers  last  month,  executives  said. 
Others,  like  its  ClearType  and 
FAT  programs,  will  carry  fees. 

Microsoft’s  new  licensing 
approach  is  unrelated  to  its 
antitrust  settlement  agree¬ 
ment  with  the  U.S.  Depart¬ 
ment  of  Justice  and  its  ongo¬ 
ing  skirmish  over  the  same  is¬ 
sue  with  the  European  Com¬ 
mission,  according  to  Brad 
Smith,  the  company’s  general 
counsel.  “We  felt  it  was  impor¬ 
tant  to  take  this  step,  based  on 
our  strong  dialogues  with  a 
number  of  other  companies  in 
our  industry,”  Smith  said. 

Joe  Wilcox,  a  Washington- 
based  Jupiter  Research  ana¬ 


lyst,  called  the  new  policy  an 
“important  first  step”  for  Mi¬ 
crosoft,  as  the  industry’s  most 
notorious  proponent  of  pro¬ 
prietary  technology  edges  to¬ 
ward  a  more  open  approach  to 
product  development. 

“Traditionally,  Microsoft 
has  been  very  guarded  about 
its  [intellectual  property].  Its 
approach  has  been  to  try  to 
differentiate  itself  from  others 
with  [it],”  he  said.  “I  think 
what  you’re  really  seeing  here 
as  much  as  anything  is  evi¬ 
dence  of  the  changes  going  on 
within  Microsoft.” 

Anything  in  Microsoft’s 
portfolio  is  potentially  avail¬ 
able  for  licensing,  Smith  said. 
“Access  to  and  exchange  of 
intellectual  property  is  really 
essential  to  the  continued 


Continued  from  page  1 

HP  Blades 

larger  and  larger  systems  with 
the  same  amount  of  techni¬ 
cians,”  Norby  said. 

Likely  desktop  replacement 
candidates  are  users  who  pri¬ 
marily  use  Windows  and  Of¬ 
fice  and  who  don’t  have  a  lot 
of  custom  applications  run¬ 
ning  on  their  systems. 

Although  notebook  users 
tend  to  be  outside  of  the  target 
market  for  thin  clients,  those 
who  typically  use  their  note¬ 
books  when  connected  re¬ 
motely  to  a  network  can  use 
them  to  connect  to  a  blade. 

The  strongest  candidates 
for  PC  blades  are  IT  shops 
that  have  already  “maxed  out 
on  how  much  improvement 
they  can  get  out  of  their  tradi¬ 
tional  desktops,”  said  Jeff 
Groudan,  vice  president  of 
product  marketing  in  HP’s 
Personal  Systems  Group. 

Groudan  claimed  that  corn- 


growth  and  development  of 
the  broader  IT  industry,”  he 
said.  “Microsoft  is  committed 
to  licensing  its  intellectual 
property  on  clear,  commer¬ 
cially  reasonable  terms  based 
on  industry  norms.” 

Windows  APIs  in  Demand 

Although  Microsoft  owns  a 
vast  array  of  intellectual  prop¬ 
erty,  the  technologies  other  de¬ 
velopers  most  often  clamor  for 
are  those  associated  with  its 
Windows  operating  system 
and  Office  applications  suite. 
Microsoft  allows  limited  access 
to  information  on  those  prod¬ 
ucts’  underpinnings  through 
initiatives  such  as  its  tightly 
controlled  shared-source  pro¬ 
gram.  Executives  were  guarded 
about  how  extensively  the 


panies  running  1,000  or  more 
desktops  could  scrap  as  many 
as  half  of  their  existing  desk¬ 
top  systems  in  favor  of  thin 
clients.  HP  believes  a  dedicat¬ 
ed  blade  will  offer  consistent 
levels  of  performance,  ad¬ 
dressing  a  key  concern  some 
users  have  had  about  sever- 
based  thin  clients,  he  said. 

Officials  at  Austin-based 
ClearCube  Technology  Inc., 
which  sells  a  PC  blade  system 
that  uses  Pentium  4  chips, 
said  that  more  than  500  cus¬ 
tomers  have  adopted  its  sys¬ 
tems.  HP’s  decision  to  com¬ 
pete  in  the  PC  blade  market 
“validates  this  whole  PC  blade 
computing  category,”  said  Raj 
Shah,  ClearCube’s  chief  mar¬ 
keting  officer. 

The  U.S.  Air  Force’s  security 
forces  headquarters  at  Lack- 
land  Air  Force  Base  in  San  An¬ 
tonio  recently  adopted  PC 
blades  from  ClearCube  after 
looking  at  a  number  of  server- 
based  thin  clients.  Senior  net¬ 
work  engineer  Rick  Johnsen 


SAMPLE  LICENSING  FEES 

File  Allocation  Table 
technology:  25  cents  per  unit 
incorporating  the  system,  such  as 
memory  cards  and  digital  cam¬ 
eras,  Fees  are  capped  at 
8250,000  per  manufacturer. 

ClearType  technology: 

Fees  will  generally  be  in  the 
range  of  SI  to  S3  per  device, 

such  as  handheld  computers 
and  mobile  phones. 


company  might  consider  ex¬ 
panding  its  Windows-  and 
Office-related  licensing. 

“We’re  aware  of  the  API  is¬ 
sue,”  said  David  Kaefer,  Micro¬ 
soft’s  director  of  business  strat¬ 
egy  for  intellectual  property. 
“We’d  like  to  improve  informa¬ 
tion  about  the  APIs  that  are  al¬ 
ready  available,  and  then  we 
need  to  see  what  people  say. 
Clearly,  to  the  extent  that  peo¬ 
ple  are  still  asking  questions 
about  them,  there’s  interest.” 

Microsoft  has  been  working 
for  nearly  a  year  on  develop¬ 


ing  a  clearer  intellectual  prop¬ 
erty  policy,  Smith  said,  point¬ 
ing  to  the  company’s  recent 
hiring  of  Deputy  General 
Counsel  Marshall  Phelps  as  a 
sign  of  its  commitment  to  ex¬ 
panding  licensing.  Phelps  will 
manage  Microsoft’s  intellectu¬ 
al  property  portfolio  and  field 
requests  for  access. 

Although  Microsoft  will 
charge  for  some  of  its  licens¬ 
ing  arrangements,  the  compa¬ 
ny  doesn’t  expect  the  new  pro¬ 
grams  to  generate  significant 
revenue.  “That’s  not  why 
we’re  doing  this,”  Smith  said. 

Wilcox  said  he  sees  the  new 
licensing  approach  as  a  sincere 
effort  by  Microsoft  to  play 
nicely  with  others  in  the  indus¬ 
try.  Steve  Ballmer,  now  almost 
four  years  into  his  tenure  as 
Microsoft’s  CEO,  is  more  inter¬ 
ested  in  industry  collaboration 
than  was  his  predecessor,  Bill 
Gates,  Wilcox  said.  ©  43342 


Cowley  writes  for  the  IDG 
News  Service. 


said  the  blades  provide  a  desk¬ 
top  experience  that’s  indistin¬ 
guishable  from  that  of  a  fully 
loaded  desktop  PC.  Moreover, 
the  server-based  options  typi¬ 
cally  required  additional  train¬ 
ing  and  didn’t  necessarily  sup¬ 
port  peripherals  such  as  card 
readers,  he  added. 

Improved  security  over  tra¬ 
ditional  desktop  PCs  is  a  major 
reason  why  military  and  in- 


Blade  Runner 


The  HP  system  wifi  be  available 
in  March;  pricing  is  as  follows: 

Desktop  thin  client:  Starts 
at  $349 

PC  blade:  $799  . 

Full  implementation,  including 
customization,  implementa¬ 
tion,  training  and  support: 

Starts  at  under  $1,500  per  seat; 
lor  very  large  users  replacing  tens 
of  thousands  of  desktops  with 
blades,  it  will  be  discounted  to 
about  $1,000  per  seat. 


telligence  groups  have  been 
early  adopters  of  thin-client 
architectures,  analysts  say. 

And  it’s  a  need  that  may  also 
drive  private-sector  businesses 
that  are  struggling  with  patch 
management  to  look  more 
closely  at  thin  clients. 

Security  “was  big  for  us,” 
said  Johnsen.  “What  really  sold 
us  was  the  ability  to  manage 
the  computers  centrally.” 

Although  HP  sees  a  large 
potential  for  its  PC  blades, 
the  reality  is  that  thin-client 
systems,  most  of  which  are 
server-based,  constitute  only 
1%  of  PC  shipments.  Market 
research  firm  IDC  estimates 
2003  thin-client  shipments 
at  1.45  million  units  and  fore¬ 
casts  20%  annual  growth  to 
3.3  million  units  by  2007. 

IDC  analyst  Bob  O’Donnell 
said  HP’s  move  raises  the  pro¬ 
file  of  an  industry  sector  dom¬ 
inated  by  small  companies. 
“The  thin-client  industry 
needs  a  big  player  like  HP 
behind  it,”  he  said.  ©  43336 
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Please  join  Samsung,  Sears 
and  Boomer  to  help  the  children 


Samsung’s  Four  Seasons  of  Hope,  Sears  and  Boomer  Esiason  have  teamed  up  to  make  a  difference  in  the 
community.  The  funds  we  raise  help  to  find  a  cure  for  cystic  fibrosis.  The  Boomer  Esiason  Foundation  has 
raised  over  22  million  dollars  and  is  advancing  the  cause  through  partnerships  with  companies  like  Samsung 
and  Sears.  We’re  proud  to  support  this  deserving  cause.  To  find  out  how  you  can  help,  visit  www.estason.com 
or  contact  the  Boomer  Esiason  Foundation  at  212-525-7777.  The  Four  Seasons  of  Hope.  Because  no  one 
should  ever  go  without. 
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Talk  Is  Cheap 

ORE  THAN  300  IT  executives  were  at  the  National 
Cyber  Security  Summit  last  week  (see  story,  page  1). 
About  97%  of  them  were  from  IT  vendors.  What 
they  got  from  Homeland  Security  Secretary  Tom 
.Ridge  was  jawboning  about  how  the  industry  has  to 
do  more  to  secure  cyberspace  or  else  they  just  might  be  subject  to 
government  regulation. 

Let’s  translate  that:  There  won’t  be  regulation  anytime  soon.  Com¬ 
panies  that  aren’t  IT  vendors  aren’t  players  in  this  game.  And  if  your 
company  wants  better  IT  security,  you’re  on  your  own. 


Does  that  sound  like  a  cynical  assessment? 

It’s  not.  A  year  after  the  first  drafts  of  “The  Na¬ 
tional  Strategy  to  Secure  Cyberspace”  began 
circulating,  we  have  a  pretty  clear  picture  of 
what  the  U.S.  government  is  and  isn’t  willing  to 
do  to  beef  up  IT  security,  both  in  products  and 
on  the  Internet. 

The  feds  are  willing  to  do  a  lot  of  encourag¬ 
ing.  They’re  not  willing  to  do  much  enforcing. 

Compare  that  with  what  the  feds  have  man¬ 
dated  for  non-IT  security:  the  airport  check¬ 
points,  the  special  registration  programs  for 
foreign  nationals,  the  increased  surveillance, 
the  gun-toting  guards.  Whatever  the  effective¬ 
ness  of  these  efforts,  there’s  no  doubt  that  the 
government  is  willing  to  take  a  strong  hand 
when  it  comes  to  physical  security. 

Or  compare  it  with  what  was  mandated  in  the 
face  of  Y2k:  corporate  disclosure  of  the  risks 
and  costs  of  Y2k  in  financial  statements  filed 
with  the  Securities  and  Exchange  Commission. 

Real  concern  translates  into  action.  But  we’re 
not  getting  that  when  it  comes  to  cybersecurity. 
What  we’re  getting  is  just  a  lot  of  talk. 

There’s  nothing  wrong  with  Ridge  talking 
about  the  cybersecurity  problem.  It  raises 
awareness.  It  encourages  people  to 
kick  around  ideas.  It  signals  that  cy¬ 
bersecurity  hasn’t  completely  fallen 
off  the  radar. 

But  a  serious,  active  cybersecuri¬ 
ty  push?  It  won’t  happen. 

In  fact,  we  aren’t  even  likely  to 
see  the  U.S.  government  use  its  for¬ 
midable  IT  purchasing  power  to 
goose  vendors  along  toward  better 
security.  In  government  IT,  as  in  the 
private  sector,  cost  is  an  issue  —  it’s 
often  the  issue.  And  the  lowest  bid 
will  always  have  an  advantage  over 
improved  security. 


And  in  practice,  neither  the  government  nor 
IT  vendors  even  want  to  hear  from  corporate 
IT  about  security.  So  we  are  truly  on  our  own. 

What  can  we  do?  The  usual,  of  course:  beef 
up  patch  regimens.  Test  proactively.  Turn  on 
security  features.  Turn  off  other  features  that 
aren’t  needed.  Encrypt.  Subnet.  Limit  trust  be¬ 
tween  machines  wherever  possible.  Check  logs 
at  every  level,  from  intrusion-detection  systems 
down  to  individual  users’  PCs. 

Then  begin  making  a  plan  to  transition  to  IP 
Version  6  —  one  of  the  few  clear  action  items 
on  the  government’s  agenda. 

And  then  take  a  page  from  the  government’s 
playbook.  As  long  as  all  we’re  getting  from  the 
feds  is  a  lot  of  talk,  use  that  talk.  Make  sure 
your  top  brass  hear  about  last  week’s  talkfest. 
Pull  down  a  copy  of  “The  National  Strategy  to 
Secure  Cyberspace”  from  www.whitehouse.gov/ 
pcipb.  Circle  the  scary  parts.  Start  laying  the 
groundwork  for  a  bigger  security  budget  re¬ 
quest  in  the  next  budget  cycle. 

Talk  up  security  with  non-IT  managers.  Un¬ 
derline  the  problem.  Raise  awareness.  Ask  for 
suggestions.  Find  out  what  it  will  take  to  get 
users  to  support  security  policies  instead  of 
fighting  them. 

Then  politic  the  heck  out  of  your 
successes  when  you  stop  viruses, 
worms,  intrusions  and  denial-of- 
service  attacks.  Let  users  and  man¬ 
agement  know  that  the  threats  are 
there  and  that  you  can  stop  them 
—  when  you  have  help  from  users 
and  the  necessary  resources  in 
your  budget. 

It’s  not  the  same  as  having  the 
full,  active  support  of  the  U.S.  gov¬ 
ernment  and  IT  vendors  in  secur¬ 
ing  cyberspace.  But  for  now,  it’s  all 
you’re  going  to  get.  ©  43293 
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The  Old  Light  Bulb  Problem 

Why  didn’t  the  generators  kick  in  during  the  latest 
power  outage?  wonders  sysadmin  pilot  fish.  The  an¬ 
swer:  A  maintenance  worker  changing  a  fluorescent 
light  bulb  in  the  computer  room  accidentally  tripped 
the  emergency  power-off  switch  when  he  pushed  a 
box  against  it.  “Because  the  switch  is  designed  to  be 
used  in  an  emergency  such  as  fire,  injury  or  flood,  the 
UPS  system  was  not  activated,”  fish  sighs.  “And  this  is 
our  company’s  disaster-recovery  hot  site.” 


SHARK 

TANK* 


New  Math 

Pilot  fish  needs 
the  default 
password  for  a 
software  prod¬ 
uct,  so  he  e-mails  the 
manufacturer’s  support 
department  -  although 
he’s  not  sure  they’ll 
agree  to  send  password 
via  unencrypted  e-mail. 
The  response:  “The 
password  is  a  secret.  But 
if  you  solve  1/*  where 
x = 0.000810372  and 
append  ‘00’  to  the  left  of 
the  resulting  four  most 
significant  digits,  the 
password  is  evident.” 

Great  Idea 

This  vendor’s  application 
runs  fast  and  well  in 
batch  mode  under  DOS 
or  Windows,  and  cus¬ 
tomers  are  happy  with  it. 
“Then  a  company  bigwig 
came  back  from  some 
industry  conferences 
and  was  determined  that 
we  needed  a  Windows 
version,  so  users  could 
interactively  manipulate 
data,”  says  a  program¬ 
mer  pilot  fish.  After  eight 
months  of  work,  a  prop¬ 
er  Windows  version  is 
ready  for  customers  to 
review.  Their  response? 
“They  asked  us  if  we 
could  add  hooks  into  the 
app,”  fish  says,  “so  that 
it  could  be  launched  via 
command-line  options 
and  used  in  batch 
mode.” 


Not  Your 
Father’s 
Report 
Writer 

This  over¬ 
loaded  university  IT  pilot 
fish  can’t  generate  all 
the  reports  requested  by 
users,  so  his  boss  offers 
to  pitch  in  using  a  Win¬ 
dows-based  report 
writer.  “I  should  be  able 
to  figure  this  out,”  boss 
tells  fish.  “I  used  to 
teach  Cobol.”  Two 
weeks  later,  the  boss 
hasn't  written  a  single 
report,  fish  says.  “But 
she  did  schedule  one  of 
the  help  desk  analysts  to 
attend  training  for  the 
reporting  software.” 

A  Matter  of  Taste 

Vendor  pilot  fish  is  work¬ 
ing  with  a  new  engineer, 
installing  the  product  for 
a  big  customer,  when 
the  CD  with  the  software 
doesn’t  seem  to  work. 
Did  you  bring  a  backup? 
fish  asks.  “No,  but  I’ll 
get  this  one  off,”  engi¬ 
neer  says.  Groans  fish, 

“I  knew  I  was  in  big 
trouble  when  -  with  sev¬ 
eral  of  the  customer’s  IT 
bigwigs  surrounding  us  - 
he  removed  the  CD, 
licked  it  profusely  and 
put  it  back.  I  called  the 
home  office  to  FTP  me 
what  I  needed  -  and  re¬ 
quested  a  new  engineer 
for  my  team  when  we 
got  back  home.” 


OFEED  THE  SHARK!  Send  your  true  tales  of  IT  life  to 
sharky@computerworid.com.  You  snag  a  snazzy 
Shark  shirt  if  we  use  it.  And  check  out  the  daily  feed,  browse 
the  Sharkives  and  sign  up  for  Shark  Tank  home  delivery  at 
compirterworld.com/sharky. 
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The  AMD  Opteron"  processor,  superior  32-bit  performance  with  expanded  64-bit  capability. 

It’s  the  only  server  processor  designed  to  run  your  32-  and  64-bit  applications  simultaneously  and  without  compromise. 
AMD  Opteron  runs  on  AMD64,  a  breakthrough  architecture  that  enables  64-bit  technology  on  the  x86  platform-creating 
a  new  class  of  computing. 


The  world’s  highest  performing  2P  and  4P  industry  standard  servers 
are  now  powered  by  AMD  Opteron  processors.  Get  unparalleled  32-bit 
performance  and  the  ability  to  transition  seamlessly  to  64-bit  computing. 


Leverage  your  existing  investments  while  preparing  for  the  future.  It’s  one  architecture 
across  your  enterprise  that  offers  industry  leading  performance  for  your  32-bit  applications,  and  doesn’t 
require  a  forklift  upgrade  as  more  64-bit  applications  emerge.  It’s  just  another  way  AMD  designs  and  builds 
processors  with  you  in  mind.  For  a  closer  look  at  the  AMD  Opteron  processor,  visit  www.amd.com/opteron 
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Nerves  and  muscles  coordinate 
for  exceptional  physical  performance 


(e)  server 


Power  and  flexibility  coordinate 
for  exceptional  UNIX  performance. 

On  demand. 


Introducing  the  affordable  new  IBM  eServer  pSeries™  615. 

The  human  body  performs  exceptionally.  So  does  the  IBM  server 
line  for  UNIX®  The  new  IBM  eServer  pSeries  615  offers  110%  more 
performance  than  its  powerful  predecessor,  but  at  one-third  less 
starting  cost:  Prices  start  at  $5,7452  It  has  everything.  Fourth-generation 
POWER4+™  technology?  Yes.  Linux  ready?  Yes.  Autonomic  and 
self-healing  features?  Absolutely.  On  demand?  Of  course. 


eServer:  servers  for  on  demand  business. 

Can  you  see  it?  For  a  white  paper  on  why  POWER4+  and 
more  on  IBM  offerings  for  UNIX,  visit  ibm.com/eserver/p615 


'Performance  based  on  rPerf  (Relative  Performance)  results  of  2.50  for  a  1-way  p615  using  1.2GHz  POWER4+  processors  and  16GB  of  memory  vs.  1.19  for  a  1-way  p610  using  450MHz  POWER3-II  processors  and  8GB  of  memory.  rPerl  is  an 
IBM  estimate  of  commercial  processing  performance.  Pricing  based  on  p615  Express  Configuration  with  1-way  1.2GHz  POWER4+  processor,  1 GB  memory  and  one  36.4GB  disk  drive  at  $5,745  vs.  p610  Express  Configuration  with  1-way 
450MHz  POWER3-II  processor,  1GB  memory,  CD-ROM  and  one  36.4GB  disk  drive  at  $8,895.  Both  Express  Configurations  include  AIX  license  and  one  year  of  Software  Maintenance  for  AIX  Operating  Systems  (SWMA).  ?For  p615  Express 
Configuration.  U  S.  list  prices  are  current  as  of  6/23/03  and  are  subject  to  change  without  notice.  Reseller  prices  may  vary.  IBM,  the  e-business  logo,  AIX,  eServer,  POWER4+  and  pSeries  are  trademarks  or  registered  trademarks  of 
Imemattonal  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  UNIX  is  a  registered  trademark  of  The  Open  Group  in  the  United  States  and  other  countries.  Other  company,  product  and  service  names  may  be 
trademarks  or  service  marks  of  others.  ©2003  IBM  Corporation.  All  rights  reserved. 


